Libraesva ESG v4.8: Release Notes


Changes in v4.8.14 (Apr 12, 2021)

Security

  • Undisclosed security fix (thanks to Daniele Barattieri – Ethical Security for the responsible disclosure)

Changes in v4.8.13 (Jan 29, 2020)

Improvements

  • Whaling Protection: use DMARC to validate legitimate whales

Changes in v4.8.12 (Nov 23)

Security

  • QuickSand: Excel 4.0 macro-formulas embedded in OLE2 xls files are considered suspicious.
  • QuickSand: Block MIME text files saved as an Office document

Improvements

  • Added new SNMP OIDs for license information

Bug Fixes

  • Increased length of field “LDAP Search Base” in SMTP Auth LDAP settings
  • User action “Mark as Spam” is authorized for users with that permission from outside of Safe-Learn networks
  • Increased download timeout of Libraesva Updates to 10 minutes
  • Outlook Addin: updated Content Security Policy requirements

Changes in v4.8.11 (Nov 12)

Security

  • Improved detection of encrypted PDF

Bug Fixes

  • Properly check domain before adding to the relay table
  • Avoid timeout during LDAP import of Valid Recipient/User

Changes in v4.8.10 (Nov 03)

Security

  • Properly extract files in utf8 from 7zip attachments

Improvements

  • Limit Dictionary rules to outgoing email instead of all trusted sources

Bug Fixes

  • License count for “ESG for Office 365” aligned to the Microsoft 365 licensing
  • Properly check current IP when changing “Login Authorized Network” for Admin user

Changes in v4.8.9 (Oct 27)

Improvements

  • Allow Safe Learn users to mark a message for release

Bug Fixes

  • Domain Admin can fully configure a new White/Black list from Message Details
  • Graymail plugin will honor the default
  • “Per Domain Use Report” will show the correct allocated licenses per domain
  • Log properly SMTP Rejects/Bounced messages with long Message Queue ID

Changes in v4.8.8 (Oct 14)

Improvements

  • Log mail rejected due to exceeded message size
  • Attempted username logged for failed logins
  • Added digest report info to User export
  • “Custom Spam Rules” allows specifying a custom header instead of choosing from the limited list
  • Changed alert limit on disk space monitor to avoid “false positive” when using big disks
  • API: Added information about aliases/license allocated to getDomainLicenseUsage

Bug Fixes

  • Restored automatic bayes learn when submitting to EsvaLabs
  • Replicate bayes learn on cluster environment
  • Fix synchronization of SMTP Check Override during Cluster wizard
  • Date visualization format can be changed in the System Preferences
  • Dynamic verification server configuration properly flushes cached values
  • Restored “Blacklist Sender” link in signatures when using Safe Learn Networks

Changes in v4.8.7 (Sep 29)

Improvements

  • Add auditing to pause/resume incoming email
  • UI will show the new license details within a few minutes after upload
  • License Count excludes mail with only blocked message(s)

Bug Fixes

  • Threat Remediation: Better handling of errors when searching for the message to recall
  • Threat Remediation can manage multiple connectors for the same domain
  • Message Score Normalization option correctly managed by the web interface
  • Quarantine Actions correctly manage the “Release Reason” option and the “Safe Learn Network” authentication

Changes in v4.8.6 (Sep 14)

Security

  • Users authorized to customize spam levels cannot change release actions

Improvements

  • Add low-priority swapfile to allow temporary spikes of RAM usage
  • Cluster auto-recovery functionality and simplified recovery procedure
  • Add report filter for Whaling attack
  • API: Add function “msgdetails” to get whole message details including headers

Bug Fixes

  • Office365: case insensitive username check on login
  • Better error handling in Adaptive Trust Engine for some edge cases
  • Improve reliability of external connectors when remote connection is lost
  • Avoid lags and slow requests to “Core Service” page
  • Recover bayes engine auto-start for appliance deployed from 4.8 version image
  • Properly show release reason when enabled to users
  • Fix English typos in Mail Encryption reports and WebUI

Changes in v4.8.5 (Aug 31)

Security

  • Integrate trusted networks and SMTP check override into the Antispam engine to avoid IP reputation issues
  • Prevent a QuickSand crash due to byte conversions on some MS Macro analysis

Improvements

  • UI: Rename Address to Network in trusted network
  • Revalidate user-provided LDAP configuration for SMTP Auth before writing to file

Bug Fixes

  • Resolve an access denied issue for quarantine reports due to improper short URL mapping
  • Resolved a database error which prevented adding multiple Threat Remediation Connectors
  • UI: abbreviate Load Average to avoid UI glitches
  • UI: Show correct Message ID in result page for learn as spam

Changes in v4.8.4 (Aug 17)

Improvements

  • Distributed setup status monitor: improved error messages
  • Add destroy master node action to Distributed setup

Bug Fixes

  • Properly check permission for quarantine admins using distributed search
  • Add redirect for older report URL like /cgi-bin/release-msg.cgi?id=$id&to=$to

Changes in v4.8.3 (Aug 10)

Improvements

  • Add links to released messages in detail page overview
  • Reduce MySQL resource consumption for small appliances
  • Add per-batch cache of whaling address to improve analysis speed

Bug Fixes

  • Restore logging of attachments details to databases
  • Fix redirection to target page when using login from Office365 SSO
  • Avoid double-slashes in quarantine actions URL which generated 404 errors
  • Properly render popup for dictionary/urlsand matches in detail page

Changes in v4.8.2 (Aug 03)

Security

  • QuickSand integration with 7zip archives

Bug Fixes

  • Correctly count Office365 mailbox and aliases
  • ATP: fix display error on quota statistics page
  • Encryption Portal: remove spurious blob data which may prevent email display
  • Mail Relay test: allow long timeout, but warn about slow tests
  • Authentication redirect: correctly redirect to target page, for pages protected by safe-learn
  • When deleting relay domains also delete orphaned threat remediation connectors

Changes in v4.8.1 (Jul 27)

Improvements

  • Require Global Privacy Password to enable domain level Privacy Passwords
  • Use DNS to fetch current stable version of Libraesva ESG
  • Apply whitelabel theme to error page
  • Rename “Disk” to “Storage” in UI

Bug Fixes

  • Restore user actions from quarantine reports when using anonymous users
  • Rollback “SMTP SASL Authentication require encrypted connection”
  • Properly compile DKIM domain configuration when mixing similar TLDs
  • Web Portal Authentication: fix a UI issue when selecting enabled record for domain
  • Properly compile Local DNS configuration when multiple Local Forwarders are defined
  • Use Local Authentication instead of OAuth-2 for Domain Admins
  • Fix permission checks for User Actions
  • Fix UI error in ATP Access Control page

Changes in v4.8.0 (Jul 20)

Features

  • Mail Intercept: allow recall of messages to unusual recipients
  • Social Graph: Social Interaction graph with other Organisations, based on Domain/User
  • O365 Authentication: added Support for OAuth2-based authentication
  • Gsuite: native support for users and valid recipients import
  • Gsuite: added support for OAuth2-based authentication
  • Enable ports 465 (SMTPS) and 587 (Submission)
  • SMTP Auth Relay supports LDAP Authentication
  • Implemented variable %public-url% for Logo&Messages and Quarantine Actions
  • Email Continuity: outgoing email will be sent to the mail server using a BCC to the From
  • Email Continuity: add download button
  • URLs in mail will be checked on our URL Blacklist
  • Message Details: add link to original message for released ones

Security

  • Hostname changes will automatically execute reboot
  • New Hardware requirements for System Resources sizes
  • System Resources size will also apply to the old ATP Profile
  • SMTP SASL Authentication requires encrypted connection

Improvements

  • Improved description for Whaling in configuration page
  • Add HTML template for all Report Messages
  • Add Domain Customization for all Report Messages
  • Load Avg gauge in Dashboard now shows the last 5-minute value
  • Search: Export will also include the Sender IP
  • Add Outlook Mail Messages to supported File Types in the Attachment Filters
  • Threat Remediation configuration for Zimbra now supports non-default ports
  • Message Details: Show information about Scan Time for each message
  • Replace AWL with the new TxRep plugin
  • LDAP Configuration: add new Type for Zimbra
  • Quarantine Search: separate Spam & High-Spam Block Reason

Bug Fixes

  • Add missing SMTP Reject to Summary report
  • Decode MIME for Subject in Mail Queues
  • Add Audit Log for System Resources changes
  • Automatic cleanup of unused Let’s Encrypt certificates
  • Urlsand rewrite in Email Continuity now ignores A tags without href
  • Adaptive Trust Engine: revoke trust on recall, mark as spam and blacklist
  • Fix wrong warning on disk space detection before Backup
  • DNS queries for private class addresses will no longer be resolved on the internet
  • Domain text import will automatically execute the Relay table rebuild
  • Trusted Network: fix wrong propagation of changes on Apply Settings button
  • Trusted Network: add check for duplicated networks before add/edit
  • Email Continuity: fix cid association of inline image
  • LDAP Authentication: fix bug on LDAP DN
  • Office365 Import: username will be assigned as alias if it is a valid email address
  • License Count: correctly handle sub-addressed addresses