Changes in v4.7.0

Features

• Adaptive Trust Engine: analyze sender/recipient trust and relationship
• User Management: Support Read-Only administrator and domain administrator
• Impersonation Protection: new "External Warning" banner to identify external first time senders
• Cofense (PhishMe) Triage integration: submissions of false-positive and false-negative, will auto-train the engine
• Mobile App: completely rewritten, available for IOS and Android, added Email Continuity
• Outlook Add-In: completely rewritten, available as native Microsoft Add-In
• Outlook Add-In: toolbar button to directly submit false-negatives to Esvalabs
• Email Continuity: URLSand protection is active for each shown email
• Email Continuity: allow sending of new email
• Email Continuity: full scan of email generated on the WebUI
• URLSand: support for white-labelling of scan pages (license needed)
• LDAP configuration: main address used for quarantine report and licensing is now freely configurable
• Email notification: new HTML templates for many automated notifications (license, services status, ...)
• Account Takeover Protection: new "Access Control" policies allow more fine-grained sender/recipient rejection policy
• New Remote Support: give feedback on connection enabled, and allow for connection on port other than 25
• Hyper-V: automatic updates of guest tools
• SNMP: in cluster environment, allow for distinct configuration on each node

Security

• New authentication and authorization system, with support fine grained capabilities and roles
• Login: CSRF protection on all logins
• Password Recovery: integrate with passwordless-authentication when applicable
• Password Recovery: use one-time-password for recovery
• Passwordless Authentication: rewritten to seamlessly integrate in the WebUI
• Passwordless Authentication: only use HTTPS to increase security
• Transport Layer Security: Let's encrypt auto-renewing certificate can now be used also for SMTPS
• DNS: primary DNS is no longer editable, to avoid common misconfiguration which results in severe security issues
• Antispam Engine: spam check can now be applied to the whole email, honoring MTA limits in all circumstances
• Quicksand: dangerous email can now be flagged as infection to prevent users accidental release
• Libraesva Update: new distribution system, which support transactions and CDN deployments
• Quicksand: maintain distinct categorization for ZIP archives and contained sanitized PDF.
• WebUI: separate session for HTTP and HTTPS to improve cookie security
• URLSand: refactored code to support replacements of all text-links in HTML
• Attachment Filters: blocks many new extensions by default (e.g. crt, perl, python, ...)
• User interface: user capabilities on a message are checked for every action in quarantine and WebUI
• Recall action now shows whether the user has read the email before it was recalled

Improvements

• DKIM: allow to export public keys
• Maillog viewer: allow downloading of previously rotated logs
• SMTP Policy Quota: renamed to Account Takeover Protection for consistency
• Impersonation Protection: incorporate "Whaling" protection and "Phishing Highlight"
• HTTPS: automatically enable "force SSL" option after Let's Encrypt certificate generation
• Reports: allow filtering by Trusted source
• Dashboard: new gauges shows all system resources and usage
• Dictionary: find triggered words in message details
• Spam Report: find domain which trigger malware or graymail rules
• HTTPS: show relavant certificate details
• SMTP TLS: show all relavant certificate details
• UI: modernize button styling
• Dangerous Content Release Override removed (superseded by user capabilities)
• Passwords: require that password are at least 8 chars
• Advanced settings: full-whitelist can now be configured as "antivirus only"
• Improved database performance and reliability of: whitelist, blacklists, user manager, geolocation, user tokens, quarantine delivered, first time senders.
• License: use incremental counting to speedup nightly jobs
• SPF: updated deamon to latest version and added diagnostic page spf.libraesva.com
• New internal monitor for HTTPS service availability and recovery
• Mail Encryption: sensitivity header detection is off by default
• Message Details: added many rules descriptions
• Message Details: highlight email received from trusted sources (network or SMTP-Auth)
• Message Details: show whaling rule at top in spam reports
• Message Details: add link to search attachments hash on VirusTotal
• Message Details: improve mail details header
• Message Details: shows signatures validation and notable headers
• New quarantine disk monitor with better prevention of disk exhausted
• Whitelabel: remove Libraesva prefix from user pages
• Whitelist/Blacklist: automatic initialization of "Check Only From Envelope" based on user context and permissions
• Authentication test: clear output from authentication logs
• Web UI: added templates for HTTP exceptions
• API: searchMessage supports more types
• API: add userId and/or email to ReleaseMsg

Bug fixes

• Whitelist/blacklist: cleanup empty data from DB which may interfere with analysis
• Attachment warnings: implemented workarounds for Apple Mail visualization bugs
• Attachment Filters: allow longer filename extensions
• Distributed Setup: fix DKIM keys permissions on replication
• Domain import: initialize URLSand/QuickSand configuration
• Score Normalization: fix counting of normalization history
• Message Details: better highlight for GRBL and URI_DOMAIN rules
• UI: refer to "Infection" instead of "Virus" where appropriate
• Quarantine: permission monitor scans quarantine multiple times per hour
• MTA advanced: myhostname validation make sure that simple domain name are not used
• Valid Recipient List: better cleanup and validation of email address
• LogWatch: mail from and mail to are aligned with system preferences
• Custom spam rules: prevent creating rules with invalid names
• SMTP Auth: remove warnings about duplicate records
• Rsyslog: increase rate limiting to prevent packed drops
• SMTP Reject: properly log dynamic verification failures as recipient unknown
• SMTP Reject: properly log some new SPF failures log
• Cluster monitor: when resetting make sure to flush all isolated hosts
• Firewall Checks: add more return codes analysis to improve reliability
• User import: honor white labelling in email template
• SystemHealth: properly check for ClamAV signatures updates
• URLSand: skip domains .local and .intranet
• LocalRBL: removed debug logs
• Branding: aligned the product name to Libraesva ESG
• API: stabilization of getmaillog and getspamlog