Changes in v4.7.12 (Apr 12, 2021)
Security
- Undisclosed security fix (thanks to Daniele Barattieri – Ethical Security for the responsible disclosure)
Changes in v4.7.11 (Jul 17)
Bug Fixes
- Office 365 User Import: Fix memory allocation during import
- User Import: fix import when there are usernames with special or non-printable characters
Improvements
- Added Reboot button after “System Resources” changes
Changes in v4.7.10 (Jul 7)
Security
- Fix SQL injections in Report page
Bug Fixes
- Distributed Setup: fixed push of SMTP Policy Quota configurations
Changes in v4.7.9 (May 12)
Security
- URLSand replace of URL in text part has been highly optimized (at least 10x faster)
- Quicksand recognise a new branch of XML Macros
Improvements
- Improved UI for Authentication results protocols in messages details (i.e. SPF, DKIM, DMARC, SMTP-Auth, Trusted networks)
- Relay test improved to test Dynamic verification
- More efficient disaster-recovery procedure on quarantine disk full
- Quarantine replica monitor will promptly notify admin of anomalies
- Improved whaling functionality description
Bug Fixes
- Relay test honor the MX flag in configuration
- Delivery of quarantine reports correctly handles email address with special chars (e.g. multiple @ signs)
- Anti-spam optimizer supports rules with special/invalid UTF-8 sequence
- Resolved an issue with rebalancing of Adaptive Trust Engine which prevented some message release
- Summary report add missing SMTP reject types (e.g. DNS Recipients)
- Regression in report filtering by MCP has been solved
Changes in v4.7.8 (Apr 21)
Security
- Fix SQL Injection in Attachment Filters page (thanks to Eng. Basim Alabdullah for the responsible disclosure)
- Intercept new branch of encrypted Microsoft documents
- Quicksand integration with antispam is now able to block email with encrypted documents
- TLS policies are correctly saved for routes like [mail.srv.test]
Improvements
- Block email with attachment blocked can now be overridden by single email relay
- Submit as Good/Bad report includes JSON+LD data and use the quarantine digest template
- Added more logging and benchmark for Quarantine digest report
- Balance upper limit for MTA processes on small systems
Bug Fixes
- Fix duplicate license count with O365 when username and primary email address are different
- API: restore backward compatibility for addLdapSet
Changes in v4.7.7 (Mar 19)
Security
- Blocks IQY files by default
- UI: Remove dangerous and superseded action “Delete ALL” from queue management
- UI: authenticate user before serving image caches
Improvements
- Notify user about the delayed reload of the license after upload
- Improve web UI for mailbox usage page
- Don’t notify cluster minor issues when auto-recovery is successful
- API: added new filters subject, from and quarantined to message list call
- Refactored many rsyslog messages, most notably QuickSand and Whaling
- Remote support: new debug mode allows for deeper inspection of mail engine analysis
Bug Fixes
- Report: fix saving and restore when there are multiple filter conditions on the same datasets
- Prevent PID file cleanup by spurious MailScanner service check
- URLSand: avoid very long line after HTML substitution
- Remove spurious snmpd logging when outgoing queues are empty
- Don’t overwrite Let’s Encrypt cert when migrating to wildcard certificate
- Add benchmarks for quarantine reports in cron logs
- Logwatch: add QuickSand, Whaling, TNEF and improve ClamAV and SpamAssassin
- Licensing: only count the main address as mailbox in O365
- API: properly initialize message properties for URLSand and Quicksand
Changes in v4.7.6 (Mar 10)
Security
- Adaptive Trust Engine use per domain history size, to increase security in MSP appliance
- Bayes engine tracks originating username in audit log instead of generic “system”
- Uniform bayes learning capabilities across domain admins
- Autoban IP trying to brute force O365 JWT authentication
Improvements
- Adaptive Trust Engine learn known senders from release actions
- Log all fail2ban actions in remote syslog
- Faster dashboard loading time for cluster and queue status
- Improve ESG self-updating script to be more responsive when handling incident response
Bug Fixes
- Properly configure OEM antivirus after license change
- Recover Let’s Encrypt certificate renew under some configuration
- Use simpler (and slower) LDAP queries for LDAP “OTHER” types, to increase compatibility
- Prevent configuration errors, when all TLS policies are removed
Changes in v4.7.5 (Mar 3)
Security
- Quicksand intercept new category of autostart macro in Microsoft Documents
Improvements
- Use CIDR notation in SMTP Check Override
- distributed setup monitor all configuration changes in web UI
- Adaptive Trust Engine web UI huge speed improvements (up to 90% faster)
- LDAP/O365 import jobs only run on master nodes
- O365 import use parallel requests to improve import times
Bug Fixes
- recover ability to disable Graymail plugin
- avoid slow replication on huge valid recipients import
- distributed setup monitor properly show queue out values
- distributed setup monitor show UI indication on successful propagation
- correctly restore rsyslog configuration in distributed setup
- disable automatic start of Account Takeover Protection if included in license
- prevent duplicate domains in SPF exception
Changes in v4.7.4 (Feb 21)
Security
- Domain-admin cannot release potentially spoofed email (i.e. sent from his domain but from untrusted source)
- Bayes learning manual actions from UI require admin level
- Introduce a timeout in Quicksand pre-analysis
- Hide scheduled reports from read-only administrators
Features
- New user type: Quarantine Admin
- New user type: Read-only Multi-domain Admin
- New user type: Quarantine Multi-domain Admin
- New user type: Quarantine Domain Admin
Improvements
- Speedup Quicksand analysis of macros
- Speedup Quicksand analysis of PDF with many links
- Submit as Bad/Good cannot be made by read-only administrators
- Hide unauthorized actions in message detail page
- Add more detail to quarantine test page
- Allow quarantine digest for read-only administrators
- Reduce default number of Engine core to 2 * n-CPU
- Enable O365 groups synchronization
- Reduce logging of SNMPd sent via rsyslog
- Default date range in search page is a day or a week, depending on database size
Bug Fixes
- Prevent SQL syntax errors in user manager page
- Limit TLS logging to normal or verbose level
- Message recall from Exchange 2010 SP3 no longer returns XML validation error
- Disable VM-resize of Libraesva cloud appliances
- Don’t show “already released” warning on first release action
- Validate hostname with numbers in First Install Wizard
- License count doesn’t fail on duplicate utf-8 records
Changes in v4.7.3 (Feb 12)
Security
- Fix ownership check of whitelist and blacklist when SafeLearn is enabled
- Prevent named anchor in email to trigger URLSand warning
Improvements
- Show a friendlier message when login is rejected by unauthorized network login
- Allow to set quarantine enabled in bulk digest option changes
- List mail in active queue as outgoing
- More reliable text import of valid recipients
- Bayes engine changes are applied in batches and nicely
- Remote support is kept up on reboot, unless stopped by WebUI
- Remove dangerous delete all options from valid recipient list from text import
- Pause Incoming Mail exception for 127.0.0.1
- Properly log dictionary rules as such (not as generic MCP)
Bug Fixes
- Fix delete message in Email Continuity
- Check service scripts use locking mechanism
- Fix output results on WebUI and log properly the user
- EWS: removed check to limit one TR connector per domain
- properly check FQDN hostname in wizard
- Remote support connection not working in some circumstances
- Cleanup temporary data after FTP backup
- API addLdapSet – align mandatory params with WebUI
- UI: Hint for default External Warning exceptions
Changes in v4.7.2 (Feb 6)
Security
- Phishing highlight use faster Libraesva CDN
- Intercept new macro malware variant as suspicious in Quicksand
- Disable insecure TLSv1 TLSv1.1 on HTTPS
Improvements
- Timeout for password reset reduced from 1 day to 1 hour
- Improved auditing and internal logging for passwordless authentication
- Add URLSand Whitelabel in Email Continuity
Bug Fixes
- Workaround LDAP filters limitation on Domino servers to recover user import
- Passwordless authentication preserve target page on login
- External Warning duplicate check
- Fix Spam action convert to attachment
- Properly use quarantine host URL instead of hostname for some release links
- Preserve user source from Check parameters in User Class setters
- UI: dashboard memory gauge now is accurate even with fractions of GB
- UI: minor fix javascript actions in detail pages for IE11
- API: allow API login when password contains special chars
- Deprecated user API: restore editing of whitelist and blacklist
Changes in v4.7.1 (Jan 23)
Security
- Whaling Protection: handle non-standard From headers containing Whale-name in mixed case
Improvements
- Asynchronous bayesian learn after message release from digest report
- Better interface for Bounce messages in the Details page
- Update Logwatch rules
Bug Fixes
- License Count: properly ignore address of deleted domains
- User Management: fixed bug in detection of duplicated usernames
- User Management: column sorting by username restored
- Whaling Protection: fixed bug in web UI that prevented new Whale creation
- URLSand: fixed bug which prevented the service from being disabled
Changes in v4.7.0 (Jan 3)
Features
- Adaptive Trust Engine: analyze sender/recipient trust and relationship
- User Management: Support Read-Only administrator and domain administrator
- Impersonation Protection: new “External Warning” banner to identify external first time senders
- Cofense (PhishMe) Triage integration: submissions of false-positive and false-negative, will auto-train the engine
- Outlook Add-In: completely rewritten, available as native Microsoft Add-In
- Outlook Add-In: toolbar button to directly submit false-negatives to Esvalabs
- Mobile App: completely rewritten, available for iOS and Android, added Email Continuity
- Email Continuity: URLSand protection is active for each shown email
- Email Continuity: allow sending of new email
- Email Continuity: full scan of email generated on the WebUI
- URLSand: support for white-labelling of scan pages (license needed)
- LDAP configuration: main address used for quarantine report and licensing is now freely configurable
- Email notification: new HTML templates for many automated notifications (license, services status, …)
- Account Takeover Protection: new “Access Control” policies allow more fine-grained sender/recipient rejection policy
- New Remote Support: give feedback on connection enabled, and allow for connection on port other than 25
- Hyper-V: automatic updates of guest tools
- SNMP: in cluster environment, allow for distinct configuration on each node
Security
- New authentication and authorization system, with support for fine-grained capabilities and roles
- Login: CSRF protection on all logins
- Password Recovery: integrate with passwordless-authentication when applicable
- Password Recovery: use one-time-password for recovery
- Passwordless Authentication: rewritten to seamlessly integrate in the WebUI
- Passwordless Authentication: only use HTTPS to increase security
- Transport Layer Security: Let’s encrypt auto-renewing certificate can now be used also for SMTPS
- DNS: primary DNS is no longer editable, to avoid common misconfiguration which results in severe security issues
- Antispam Engine: spam check can now be applied to the whole email, honoring MTA limits in all circumstances
- Quicksand: dangerous email can now be flagged as infection to prevent users accidental release
- Libraesva Update: new distribution system, which supports transactions and CDN deployments
- Quicksand: maintain distinct categorization for ZIP archives and contained sanitized PDF.
- WebUI: separate session for HTTP and HTTPS to improve cookie security
- URLSand: refactored code to support replacements of all text-links in HTML
- Attachment Filters: blocks many new extensions by default (e.g. crt, perl, python, …)
- User interface: user capabilities on a message are checked for every action in quarantine and WebUI
- Recall action now shows whether the user has read the email before it was recalled
Improvements
- DKIM: allow to export public keys
- Maillog viewer: allow downloading of previously rotated logs
- SMTP Policy Quota: renamed to Account Takeover Protection for consistency
- Impersonation Protection: incorporate “Whaling” protection and “Phishing Highlight”
- HTTPS: automatically enable “force SSL” option after Let’s Encrypt certificate generation
- Reports: allow filtering by Trusted source
- Dashboard: new gauges show all system resources and usage
- Dictionary: find triggered words in message details
- Spam Report: find domain which trigger malware or graymail rules
- HTTPS: show relevant certificate details
- SMTP TLS: show all relevant certificate details
- UI: modernize button styling
- Dangerous Content Release Override removed (superseded by user capabilities)
- Passwords: require that passwords are at least 8 chars
- Advanced settings: full-whitelist can now be configured as “antivirus only”
- Improved database performance and reliability of: whitelist, blacklists, user manager, geolocation, user tokens, quarantine delivered, first time senders.
- License: use incremental counting to speedup nightly jobs
- SPF: updated daemon to latest version and added diagnostic page spf.libraesva.com
- New internal monitor for HTTPS service availability and recovery
- Mail Encryption: sensitivity header detection is off by default
- Message Details: added many rules descriptions
- Message Details: highlight email received from trusted sources (network or SMTP-Auth)
- Message Details: show whaling rule at top in spam reports
- Message Details: add link to search attachments hash on VirusTotal
- Message Details: improve mail details header
- Message Details: shows signatures validation and notable headers
- New quarantine disk monitor with better prevention of disk exhaustion
- Whitelabel: remove Libraesva prefix from user pages
- Whitelist/Blacklist: automatic initialization of “Check Only From Envelope” based on user context and permissions
- Authentication test: clear output from authentication logs
- Web UI: added templates for HTTP exceptions
- API: searchMessage supports more types
- API: add userId and/or email to ReleaseMsg
Bug fixes
- Whitelist/blacklist: cleanup empty data from DB which may interfere with analysis
- Attachment warnings: implemented workarounds for Apple Mail visualization bugs
- Attachment Filters: allow longer filename extensions
- Distributed Setup: fix DKIM keys permissions on replication
- Domain import: initialize URLSand/QuickSand configuration
- Score Normalization: fix counting of normalization history
- Message Details: better highlight for GRBL and URI_DOMAIN rules
- UI: refer to “Infection” instead of “Virus” where appropriate
- Quarantine: permission monitor scans quarantine multiple times per hour
- MTA advanced: myhostname validation makes sure that simple domain names are not used
- Valid Recipient List: better cleanup and validation of email address
- LogWatch: mail from and mail to are aligned with system preferences
- Custom spam rules: prevent creating rules with invalid names
- SMTP Auth: remove warnings about duplicate records
- Rsyslog: increase rate limiting to prevent packet drops
- SMTP Reject: properly log dynamic verification failures as recipient unknown
- SMTP Reject: properly log some new SPF failures log
- Cluster monitor: when resetting make sure to flush all isolated hosts
- Firewall Checks: add more return codes analysis to improve reliability
- User import: honor white labelling in email template
- SystemHealth: properly check for ClamAV signatures updates
- URLSand: skip domains .local and .intranet
- LocalRBL: removed debug logs
- Branding: aligned the product name to Libraesva ESG
- API: stabilization of getmaillog and getspamlog