Symantec Brightmail AntiSpam Version 6.0.3
Release Notes
December 21, 2005

Copyright © 2005 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, Brightmail, and Symantec Brightmail AntiSpam are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202.

=================================================================
Known issues in Version 6.0.3
=================================================================

1. Erroneous error message when installing or uninstalling on Solaris 10

   If you see the error message -- "couldn't set locale correctly" -- when installing or uninstalling on Solaris 10, disregard it. (PR 16439)

2. Red Hat Enterprise Linux AS 3.0 users may not be able to connect Tomcat to the MySQL server

   When attempting to start the Control Center after installation, users may receive the error: "Host 'localhost.localdomain' is not allowed to connect to this MySQL server" (PR 9225). If you receive this error, do the following:

   a. Determine your MySQL brightmailuser password as described in "Access MySQL with brightmailuser Account Instead of root" in this document.

   b. Open the MySQL client using the password you just looked up:

      mysql --user=brightmailuser --password=PASSWORD

   c. Run the following command on a single line. Replace REPLACE_HERE with either the IP Address or host name of the machine:

      GRANT ALL PRIVILEGES ON *.* TO 'brightmailuser'@'REPLACE_HERE' IDENTIFIED BY 'password' WITH GRANT OPTION;

3. Change to default port for Tomcat requires adjustments

   If you are using the Tomcat Web Application server to run the Control Center, the default port is 41080.
   If you wish to use another port, you must make changes to accommodate this choice in two places, as follows:

   a. Change the default port in the Tomcat configuration file, located at:

      /Tomcat/jakarta-tomcat-4.1.27/conf/server.xml

      to:

      port="xxxx"

      where xxxx is the new port value you are setting.

   b. Change the default port in the MySQL database, as follows:

      table: settings_system
      name: APPLICATION_PORT
      value: xxxx

      where xxxx is the new port value you are setting.

   When accessing the Control Center in your browser, substitute the new port. For example, if the new port is 12345, type:

      http://localhost:12345/brightmail/

4. Needless errors posted for Client-only Scanner

   After installing a Brightmail Scanner that includes only a Brightmail Client, errors will be generated based on the lack of an installed Brightmail Server. In this situation you can safely ignore errors regarding the following issues (PR 10103):

   -Unable to open client cert.
   -Could not open path/ruleupdates.xml: No such file or directory.
   -Command handler: could not stream file path/ruleupdates.xml.
   -Command handler: failed to open directory path/Stats.
   -Command handler: could not resolve file spec $STATSDIR$$/$mc_stats.*.xml.

5. AntiVirus Cleaner status on Control Center incorrect

   If your antivirus filtering is stopped and restarted, the Status page on the Control Center may continue to show the status as Stopped. There is no way to correct the Status page. (PR 8365)

6. Need to issue kill command to stop Tomcat

   The included stop script for Tomcat fails to stop the Tomcat process. Should you need to stop Tomcat, issue a kill command. (PR 9326)

7. Cannot store logs with more than 5000 entries

   You cannot save a log file with more than 5000 entries. You can use the Control Center to narrow the criteria for your save so that fewer than 5000 entries will be written to disk with each save operation. (PR 9587)

8. Need to remove old logs before reinstalling Scanner

   If you uninstall a Scanner and do not remove the log files, and then later re-install a Scanner, the Control Center will not display the latest logs for the Scanner. To avoid this problem, be sure to remove the log files after uninstalling a Scanner. (PR 10081)

9. Quarantine searches return too many or no results

   Some Quarantine searches return messages that do not match the search criteria specified. Quarantine has a built-in limit designed to prevent performance problems: for any search that would return more than half the messages in the database, no results are shown. Because some searches return many inaccurate results, they can exceed the 50% limit and as a result show no matches. (PR 9113)

10. When upgrading, AntiVirus is incorrectly shown as enabled

    When upgrading to this version, Symantec AntiVirus is shown in the Control Center as enabled even if you previously did not have Symantec AntiVirus enabled, or didn't have a subscription. To disable it again, click the Settings tab and then click Settings under AntiVirus. Make sure that the Scan messages for viruses check box is cleared, and then click Save. If you purchased a subscription and want to enable AntiVirus, check Scan messages for viruses and click Save. (PR 10385)

11. Incorrect version of MySQL reported

    If you check the version of MySQL using the BrightmailVersion URL (http://localhost:41080/brightmail/BrightmailVersion) the version of MySQL differs from the MySQL version reported when you start the MySQL command line interface with the mysql command. The version listed when starting the MySQL command line interface is the correct version. (PR 10409)

12. Top recipient report shows 1 less recipient than there were

    For the reports Spam: Top Recipients and Virus: Top Recipients, when viewing the time range of Past Month or Past Week, the number of recipients displayed is one less than the number of recipients selected to display. (PR 10441)

13. IP Address for Quarantined messages remains at old address

    If, when installing a Scanner, you chose the "Any computer" option for the address of the Brightmail Control Center, configured spam messages to be quarantined, and later replaced the Scanner and Brightmail Control Center, the old IP address for quarantined messages is retained. (PR 10153)

14. Access MySQL with brightmailuser account instead of root

    For better security, access to MySQL is now done via an account called brightmailuser instead of the MySQL root account. The brightmailuser password is created during the installation. (PR 13823)

    If you need to start a MySQL client session, you must know the randomly-generated brightmailuser password specific to your installation. Follow these steps to determine your brightmailuser password:

    a. Open a console window as root.

    b. Locate your Tomcat installation directory by running the following command:

       grep "CATALINA_HOME=" /etc/init.d/tomcat4

    c. Open the file $CATALINA_HOME/conf/server.xml with a text editor while logged in as root.

    d. Locate the following section under the /brightmail Context.

       username brightmailuser
       password password

    e. Note the current password in password.

    f. Exit from the server.xml file.

15. Control Center won't install on Windows Server 2003 after Service Pack install

    On Windows Server 2003, the Brightmail Control Center does not install after applying Service Pack 1. To fix this problem, change the properties of My Computer to add "Turn on DEP for all programs and services except for those I select". Then, install the Control Center again.

    To change the properties of My Computer:

    a. On the desktop, right-click My Computer, and then click Properties.

    b. On the Advanced tab, under Performance, click Settings.

    c. In the Performance Options dialog box, on the Data Execution Prevention tab, click Turn on DEP for all programs and services except for those I select.

    d. Click Add.

    e. In the Open dialog box, go to the directory where the installation files are and locate the file bcc_installer_win.exe in the root of the ControlCenter folder. Click bcc_installer_win.exe, and then click Apply.

16. Report totals reset to 0 after upgrade

    Report totals on the Reports summary page are reset to 0 after an upgrade from one 6.0.x version to another. As new mail enters the system, the totals will increment as usual. (PR 14907)

17. Character set support

    The Control Center and Quarantine only support the ISO-Latin-1 character set. (PR 7425)

18. Recent Sun patch can cause bmserver not to load

    The loading of some recent Sun security patches for Solaris 8, 9, and 10 creates a situation in which the Brightmail Server fails on startup. (PR 16483 and 16578) These patches are described in Sun Alert 101794, located at http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1. To solve this problem, please contact Sun Support.

=================================================================
Important Changes and Additions for Version 6.0.3
=================================================================

1. Documentation not updated

   The Symantec Brightmail AntiSpam Installation Guide and the Symantec Brightmail AntiSpam Administration Guide have not been updated for Version 6.0.3. Therefore, the new information contained in this release note warrants particular attention.

2. Installation and upgrade

   Symantec recommends that you upgrade all of your Brightmail Scanners to Version 6.0.3 before you upgrade your Brightmail Control Center. You can upgrade from versions 6.0, 6.0.1, or 6.0.2. Upgrading or migrating data from Version 5.5 or earlier is not supported. Use of the Settings > Migration page in the Brightmail Control Center is not supported. For complete installation documentation, see the Symantec Brightmail AntiSpam Installation Guide.

3. Migrations and upgrades from Version 4.0 not possible

   You cannot migrate, upgrade or combine a Brightmail Solution Suite 4.0.x configuration with a Symantec Brightmail AntiSpam 6.0.x configuration. The configuration models are completely different.

4. Some Quarantine settings disabled upon install

   In order to enhance performance, the Installer will set the value of the following Quarantine settings to FALSE, for both new and upgrade installations:

      settings_quarantine.MAX_SIZE_FLAG
      settings_quarantine.MAX_INBOX_SIZE_FLAG
      settings_quarantine.MAX_NUM_MESSAGES_FLAG
      settings_quarantine.MAX_NUM_INBOX_MESSAGES_FLAG

   Disabling these settings can dramatically improve Quarantine performance. To enable these settings, go to the Quarantine settings page in the Brightmail Control Center. (PR 15996)

5. Library required on Linux

   On Linux operating systems, Symantec Brightmail AntiSpam requires the library libXp.so.6. This library is typically found in /usr/X11R6/lib/ and is available as of the date of this release note at ftp://194.199.20.114/linux/fedora/core/3/i386/os/Fedora/RPMS/xorg-x11-deprecated-libs-6.8.1-12.i386.rpm.

6. Repeated installations on same machine not supported

   If you install Symantec Brightmail AntiSpam, you cannot install it again on the same machine unless you first uninstall it. (PR 16464)

7. New decomposer

   Symantec Brightmail AntiSpam Version 6.0.3 includes the Version 3.02.14.08 Symantec decomposer, release 14f. This decomposer fixes a vulnerability to multiple heap overflows during decompression that could allow remote computer access via SMTP.

8. Latest signature rules

   Symantec Brightmail AntiSpam Version 6.0.3 makes use of the most advanced signature matching technology available, BrightSig3.

9. Solaris 10 supported

   Symantec Brightmail AntiSpam Version 6.0.3 supports Solaris versions 8, 9, and 10.

10. Symantec Spam Plug-in for Outlook clarifications and corrections

    Note the following Symantec Spam Plug-in for Outlook clarifications and corrections to the 6.0.2 version of all Symantec Brightmail AntiSpam documentation. (PR 14976)

    a. All configuration options must be on the same line.

    b. The variable name "ALLOWED CONTACTS" is incorrect. The correct variable name is "ALLOW_CONTACTS".

    c. The variable name "DISPLAY_ARE_YOU_SURE_MSGS" is incorrect. The correct variable name is "DISPLAY_ARE_YOU_SURE_MSG".

    The AUT_-AD_-BLOCKED variable can have any one of the following three values: 0; 1; 2. To disable this setting, give it a value of 2.

11. Symantec Spam Plug-in for Outlook toolbar does not appear

    If you are upgrading from a previous version of the Symantec Spam Plug-in for Outlook, or have uninstalled and reinstalled the Outlook Plug-in and the toolbar does not appear when Outlook is opened, do the following:

    -- Open Windows Explorer.
    -- Browse to the Extend.dat file, right-click it, and delete it.

    The default location for the Extend.dat file is:

       Windows 98        C:\Windows\Local Settings\Application Data\Microsoft\Outlook
       Windows NT 4.0    %Userprofile%\Application Data\Microsoft\Outlook.
       Windows 2000/XP   %Userprofile%\Local Settings\Application Data\Microsoft\Outlook

    (PR 14976)

12. Optional function call in SDK

    An optional function call has been added to the Symantec Brightmail AntiSpam SDK, bmiRequestID. This call returns the dotted decimal IP address of the connected Brightmail Server. (PR 14908)

13. LDAP checking for invalid recipients enabled in admin-only mode

    Previously, when used in admin-only mode, Quarantine would not attempt to delete messages with unresolved recipients, even if the Delete messages sent to unresolved email addresses checkbox was checked. Now, if you have configured an LDAP authentication source, and the checkbox is checked, Quarantine will perform lookups and attempt to resolve recipients, and will delete messages for unresolved recipients.
    (PRs 14779, 15724)

14. LDAP authentication caching enabled by default

    LDAP authentication caching has been enabled by default. This represents a performance improvement. (PR 15726)

15. Query cache enabled in MySQL by default

    Query caching has been enabled by default in MySQL. This represents a performance improvement. (PR 14879)

=================================================================
Patch release notes
=================================================================

The following patches have been applied since the last update to the documentation for Symantec Brightmail AntiSpam Version 6.0.

Patch 148
PR #: 14423
Component: Spamhunter
Summary: Split URL schema hides URL

Previously, Spamhunter's decomposer detected URLs by finding one of a fixed set of prefixes. If the prefix was split by whitespace, the URL beginning was not detected. This patch resolves this issue.

Patch 149
PR #: 14100
Component: Sieve module
Synopsis: Heavily nested MIME message ties up service thread

Previously, processing a heavily nested MIME message could cause all CPU resources to be consumed. Patch 149 provides a cutoff limit to the parse depth for a given message. This limit is twice the value set for the AntiVirus Maximum Scan Depth. If the maximum number of MIME parts is exceeded, the Sieve module will treat the message as a standard RFC2822 message.

Patch 151
PR #: 14375
Component: Spamhunter
Synopsis: language rules not firing on subjects or mixed language messages

Previously, language-specific AntiSpam rules were not firing on subjects or bodies of some messages with more than one identified language. This issue has been resolved.

Patch 153
PR #: 14924
Component: bmserver
Synopsis: Engine appears to freeze while writing stats

Formerly, writing statistics out while processing messages with very large numbers of recipients was taking too long due to non-optimized string-related calculations. This has been resolved.
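
The cutoff that Patch 149 describes, as an added Python example (not Symantec's code): an iterative MIME walk that stops at twice the AntiVirus Maximum Scan Depth and falls back to handling the message as plain RFC 2822. The function names, the constructed sample message and the exact behaviour at the limit itself are assumptions.

```python
from email.parser import HeaderParser

def split_on_boundary(body, boundary):
    """Return the raw text of each part between --boundary delimiter lines."""
    open_delim, close_delim = "--" + boundary, "--" + boundary + "--"
    parts, current, inside = [], [], False
    for line in body.splitlines():
        stripped = line.rstrip()
        if stripped in (open_delim, close_delim):
            if inside:
                parts.append("\n".join(current))
            current, inside = [], stripped == open_delim
        elif inside:
            current.append(line)
    return parts

def classify(raw, av_max_scan_depth):
    """Walk the MIME tree with an explicit stack and a hard depth cutoff.

    Returns ("mime", [(depth, content_type), ...]) for the leaf parts, or
    ("rfc2822", []) when nesting goes past the limit and the message is to be
    handled as a plain RFC 2822 message instead.
    """
    limit = 2 * av_max_scan_depth        # the release note's rule for the cutoff
    leaves, stack = [], [(raw, 0)]
    while stack:                         # iterative, so no recursion to exhaust
        text, depth = stack.pop()
        msg = HeaderParser().parsestr(text)   # headers only; body stays a string
        boundary = msg.get_boundary()
        if msg.get_content_maintype() != "multipart" or not boundary:
            leaves.append((depth, msg.get_content_type()))
            continue
        if depth >= limit:               # assumption: a container at the limit is too deep
            return "rfc2822", []
        for part in split_on_boundary(msg.get_payload(), boundary):
            stack.append((part, depth + 1))
    return "mime", sorted(leaves)

def build_nested(levels):
    """Constructed sample: one text part wrapped in `levels` multipart layers."""
    text = "Content-Type: text/plain\n\nhello\n"
    for i in range(levels):
        text = (f'Content-Type: multipart/mixed; boundary="b{i}"\n\n'
                f"--b{i}\n{text}\n--b{i}--\n")
    return text

if __name__ == "__main__":
    print(classify(build_nested(3), av_max_scan_depth=2))    # within the limit
    print(classify(build_nested(40), av_max_scan_depth=2))   # past the limit
```

The work done per message is bounded by the limit rather than by how deeply the sender chose to nest the parts.
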

Patch 155
PR #: 10457
Component: Conduit and AntiVirus
Synopsis: AntiVirus Cleaner exits when loading corrupt ruleset. Never restarts.

Formerly, the AntiVirus Cleaner would exit and not restart when given a corrupt ruleset. The rulesets are now tested by the Conduit before being loaded, and will not be loaded if they fail.

Patch 156
PR #: 15111
Component: Quarantine
Synopsis: Quarantine LDAP address resolution does not escape wildcards.

Formerly, when Quarantine tried to verify recipient addresses against an LDAP directory, wildcard characters in the recipient address were not escaped but instead passed in the LDAP query. This increased the load on the LDAP server as it searched, not for an exact match to the recipient address, but for all records that matched the wildcard expansion. This has been resolved; the following reserved characters are now escaped when performing email address resolution: [space], \, *, (, ).

Patch 157
PR #: 8070 and 15481
Component: AV
Synopsis: AntiVirus Scanner and AntiVirus Cleaner Timeouts

Formerly, certain messages could cause the AV Scanner and AV Cleaner to process messages for an extended period of time. This has been resolved in the following manner:

8070: When scanning or cleaning messages, the modules will timeout if processing time has exceeded a defined timeout value. If the timeout occurs during AV cleaning, the cleaner will revert the message back to its original form (discarding any cleaning that has happened so far on the message) and deliver it with a notification that the message could not be cleaned.

15481: Formerly, when processing a winmail.dat object embedded in a MIME file within a particular message, the decomposer would crash. This has been resolved with a new version of the decomposer.

Patch 160
NOTE: Patch 160 includes and supersedes patches 151 and 148.
PR #: 15915
Component: Spamhunter
Synopsis: Messages containing URLs with certain characteristics are not detected as extractable URLs

Formerly, URLs with certain characteristics were not detected as extractable URLs, causing active URL filters not to fire on them. This has been resolved. Now, such URLs are detected properly.

Patch 161
NOTE: Patch 161 includes and supersedes patches 151, 148, and 160.
PR #: 16234 and 16307
Component: Spamhunter
Synopsis: crash in Spamhunter on specific message

16234: Previously, a problem in MIME parsing was leading to an error in handling certain message attachments. This has been resolved.
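
The escaping that Patch 156 describes, as an added Python example (not Symantec's code): the recipient address is placed in an LDAP search filter with and without escaping, and a toy matcher shows what each filter selects. The mail attribute, the function names, the sample directory and the extra NUL escape from RFC 4515 are assumptions.

```python
import re

# Characters the release note lists as escaped (space, \, *, (, )) plus NUL,
# which RFC 4515 also reserves. Each becomes a backslash and two hex digits.
RESERVED = {" ", "\\", "*", "(", ")", "\x00"}

def escape_filter_value(value):
    return "".join(f"\\{ord(c):02x}" if c in RESERVED else c for c in value)

def unescaped_filter(recipient):
    """Pre-patch behaviour: the recipient address goes into the filter as-is."""
    return f"(mail={recipient})"

def escaped_filter(recipient):
    """Patched behaviour: reserved characters can only match themselves."""
    return f"(mail={escape_filter_value(recipient)})"

def search(directory, ldap_filter):
    """Toy stand-in for a directory server, for (mail=<value>) filters only:
    a bare * is a wildcard and a backslash plus two hex digits is one literal
    character."""
    value = re.fullmatch(r"\(mail=(.*)\)", ldap_filter, re.DOTALL).group(1)
    pattern, i = [], 0
    while i < len(value):
        if value[i] == "*":
            pattern.append(".*")
            i += 1
        elif value[i] == "\\":
            pattern.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        else:
            pattern.append(re.escape(value[i]))
            i += 1
    regex = re.compile("".join(pattern), re.IGNORECASE | re.DOTALL)
    return [entry for entry in directory if regex.fullmatch(entry)]

# Constructed sample directory and recipient addresses.
DIRECTORY = ["alice@example.com", "bob@example.com", "carol@example.com"]

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "*@example.com"):
        print(rcpt, search(DIRECTORY, unescaped_filter(rcpt)),
              search(DIRECTORY, escaped_filter(rcpt)))
```

With the escaped filter, an address containing * resolves to no directory entry, so it is handled as an unresolved recipient instead of expanding into a directory-wide search.
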