Libraesva ESG v4.9: Release Notes

Changes in v4.9.29 (Oct 26, 2023)

Security

  • ClamAV: upgrade to version 0.103.11

Changes in v4.9.28 (Aug 29, 2023)

Security

  • ClamAV: upgrade to version 0.103.10

Changes in v4.9.27 (Mar 13, 2023)

Security

  • QuickSand: block attachments in archive when unzip size is greater than 150MB

Changes in v4.9.26 (Feb 21, 2023)

Security

  • ClamAV: upgrade to version 0.103.8

Changes in v4.9.25 (Oct 17, 2022)

Security

  • Improves RBL detection for sub-domains below 3rd level
  • Quicksand: improves www-links detection in PDF
  • Update Bitdefender license

Bug Fixes

  • Outlook add-in: remove reference to a deprecated API call

Changes in v4.9.24 (Sep 05, 2022)

Improvement

  • Add forward compatibility for Clamd configuration of ESG 5.x
  • ESG5 migration: avoid using special or hard to read chars in password

Bug Fixes

  • Export no longer generates errors if executed by read-only or quarantine admins

Changes in v4.9.23 (Aug 08, 2022)

Security

  • Quicksand: identify suspicious action write+execute without autoexec
  • ClamAV: upgrade to version 0.103.7

Improvement

  • Update file type recognition database (Improved detection of executable files)

Bug Fixes

  • Let’s Encrypt: change preferred Root Chain to “ISRG Root X1”

Changes in v4.9.22 (Jul 19, 2022)

Bug Fixes

  • Fixed removal of Passwordless Authorized Devices
  • Properly reset permission before creating ESG 5.x migration file

Improvement

  • upgrade page: added link to the official upgrade guide to version 5.x

Changes in v4.9.21 (Jul 4, 2022)

Security

  • Defend against file extension evasion techniques targeting Windows machines

Bug Fixes

  • Quarantine page: fixed the algorithm that calculates the range of dates shown by default

Changes in v4.9.20 (May 23, 2022)

Improvements

  • Stop MailScanner Engine and scheduled tasks before creating ESG 5.x migration file

Bug Fixes

  • Remove Unsupported mechanism CRAM-MD5 from SMTP Auth LDAP
  • Valid Recipient List import: prevent duplicated addresses
  • Search: properly show outbound messages for Domain Admin Users
  • Backup download: increased timeout for big files
  • Google Workspace: fixed login when user doesn’t exist yet

Changes in v4.9.19 (Apr 19, 2022)

Improvements

  • skip whaling check when scan mode is “virus only”
  • Message details: add warning for failed SPF beside whitelist result label

Bug Fixes

  • URLSand: always executes HTML analysis, even when preliminary tests have found no A-tags
  • M365 Authentication: add openid scope
  • whitelist/blacklist: fix validation of IP addresses

Changes in v4.9.18 (Mar 14, 2022)

Security

  • protect backups from unauthorized access
  • add DNS lookup to esvalabs when IP is blacklisted for DoS attempt

Improvements

  • Upgrade Letsencrypt certbot

Bug Fixes

  • Smarthost: use most specific configuration when mixing domain based smarthost and default smarthost
  • User text import: replace variable HOST URL with value configured in quarantine report
  • Quicksand: fix disarming of external resources in office documents
  • Upgrade from ESG 4.8: fix a version conflict which may block the upgrade

Changes in v4.9.17 (Mar 02, 2022)

Features

  • Country Policies: configurable policies to allow/block web interface access from specific countries (see also Geo-Blocking)

Bug Fixes

  • Report: fixed operators for search on Attachments properties
  • Viewmail: properly identify attachments filenames if defined in MIME Entity headers
  • Threat Remediation: always try the recall for all recipients, and log failed attempts
  • Disabled password-less login when domain authentication is configured to “No Access”
  • Message Detail: fixed report parsing for German language
  • More reliable reactivation of services/modules when uploading a new license after the expiration of the previous one

Changes in v4.9.16 (Feb 10, 2022)

Security

  • ClamAV: upgrade to version 0.103.5 LTS
  • Block aggressive bulk email even when Graymail plugin is disabled
  • Close PwnKit security issue

Improvements

  • Periodical cleanup of unusual values in message score normalization
  • Increase “unusual correspondent” interval from 12h to 24h

Bug Fixes

  • Include greylist database to ESG 5.0 migrations
  • URLSand rewrite: handle & character correctly in HTML text parts

Changes in v4.9.15 (Dec 20, 2021)

Security

  • ClamAV SaneSecurity: changed enabled databases based on Libraesva security review
  • Passwordless: double check server-side secret on token verification
  • Passwordless: stronger encryption routine backported from ESG 5

Improvements

  • Add audit log in Account takeover protection
  • Disk expansion: warn about possible expansions left

Bug Fixes

  • Disk expansion: minimal increase is set to 1GB (to avoid almost null expansions)
  • System Upgrade: review upgrade file extract command

Changes in v4.9.14 (Oct 11, 2021)

Security

  • Change key-server for OpenPGP verification

Bug Fixes

  • Fix listing of “Message Release Requests” for Domain Admins.
  • Support UK/US date/time format in Digest report and Reports

Changes in v4.9.13 (Sep 27, 2021)

Security

  • block as other infections some ZIP files crafted to DoS attachment analysis;
  • resolve DNS timeout issues in Botnet identification.

Improvements

  • add QuickSand analysis caching, to speed-up dequeuing of bulk delivery;
  • use single-field OTP in WebUI, for better integration with keyring security applications;
  • slightly increase antispam engine timeout.

Bug Fixes

  • replication of certificates in cluster environment is limited to relay-bound certificates.

Changes in v4.9.12 (Sep 6, 2021)

Security

  • Identify and replace a new class of URI in PDF files.

Improvements

  • LDAP/M365/Google import for Valid Recipient/Users now show the name of the connector used.

Changes in v4.9.11 (Aug 2, 2021)

Security

  • prevent DoS attack in html parsing, caused by a malformed single huge line of random chars.

Improvements

  • update file type recognition database.
  • add console command to create ESG 5.x migration file.
  • add audit log event for safe learn network.

Bug Fixes

  • HTML disarm no longer breaks signatures for outgoing bounce messages
  • Message details: restore detailed information in spam reports

Changes in v4.9.10 (Jul 12, 2021)

Security

  • oAuth Login: Use encrypted token instead of cookie

Bug Fixes

  • Email Continuity: used proper charset on attachments download
  • SMTP Auth: fixed cluster replica when there is a myhostname configured
  • License Count for O365: fixed the identification of the distribution lists and unlicensed mailboxes

Improvements

  • Relay Domain: changed default value for Antispoofing to Standard (SPF)
  • Reduced frequencies of system alerts
  • API: added an optional parameter “field” to getuseraliases

Changes in v4.9.9 (May 31, 2021)

Improvements

  • API: added getFullMaillog

Bug Fixes

  • Gsuite: add import of non editable aliases
  • Hosts file: correctly highlight “Apply Settings” button after changes
  • API `version`: show correct available version

Changes in v4.9.8 (May 11, 2021)

Improvements

  • Attachments Filters: allow Dos Device drivers
  • Allow message size up to 150MB

Changes in v4.9.7 (May 5, 2021)

Security

  • Improved detection of suspicious excel4/xlm macros

Bug Fixes

  • Logo & Messages: fix visualization of “Attachments Filters” customization

Changes in v4.9.6 (Apr 21, 2021)

Security

  • Installed security updates for Spam Engine.

Bug Fixes

  • Fix partial display of queued mails from WebUI.

Changes in v4.9.5 (Apr 7, 2021)

Security

  • Undisclosed security fix (thanks to Daniele Barattieri – Ethical Security for the responsible disclosure)
  • Whaling Protection: skip whaling checks only when the whale itself is the only recipient

Improvements

  • Threat Remediation recall shows more detailed information on failure
  • SMTP Auth with LDAP: Search Base can be empty (required by Zimbra)

Bug Fixes

  • Better management of SSH sessions used for cluster replica
  • Fixed “Disable” option of scheduled report
  • Fix audit log when user deletes a relay domain
  • Quicksand: improved detection of link in PDF documents

Changes in v4.9.4 (Feb 9, 2021)

Security

  • Quicksand: extend the function to disarm dangerous files inside archives, to all supported archive types (e.g. 7zip)

Bug Fixes

  • Trusted Networks: Show/Hide “Manage Hosted Services” based on license properties
  • Reload whole engine settings every 30 minutes

Changes in v4.9.3 (Feb 2, 2021)

Security

  • Improved detection of embedded objects in rtf files
  • Fix SQL injections in Report page

Improvements

  • Implement M365/GSuite oAuth login for Mobile Apps
  • Allow partial bulk update for Digest Report Options
  • Add audit Log events for LDAP/GSuite/Web Portal Authentication
  • Cluster Wizard: properly shows errors on database dump/restore
  • Message release requests are acknowledged on any release action

Bug Fixes

  • Cluster Wizard: force “Pre Shared Key” to be between 8 and 32 chars
  • User action Whitelist/Blacklist properly allowed for “Safe Learn” anonymous users

Changes in v4.9.2 (Jan 18, 2021)

Improvements

  • Threat Remediation: shows if a message is read when recalling from Message Operations
  • Web Portal Authentication: improved warning for incomplete set configuration

Bug Fixes

  • Whaling Protection: avoid false positive caused by case-sensitive comparison
  • Account Takeover Protection: log all the Message Quota events
  • Threat Remediation: fix permission problem of the recall from Message Operations
  • Digest Report: restore View button when no other actions are configured
  • Domain Relay: fix bulk update of relay Server
  • DKIM Signing: Fix multiple deletion of DKIM keys

Changes in v4.9.1 (Jan 4, 2021)

Improvements

  • Whaling Protection: use DMARC to validate legitimate whales

Bug Fixes

  • Address Rewriting: allow adding the same rewriting scheme for sender and recipient

Changes in v4.9.0 (Dec 29, 2020)

Features

  • New Multi-Factor Authentication with T-OTP (time-based one-time-password) is now available to admins and users
  • Threat Remediation (recall email messages from inbox) now available also for G-Suite
  • Custom TLS certificates can be used to relay email to internal domains. Microsoft365 inbound connectors can be based on the Common Name of the TLS certificate for a complete multi-tenant interoperability.
  • URLs rewritten by URLSand can be logged to syslog
  • Configurable sender/recipient address/domain rewriting. ESG can transparently replace domains or email addresses.
  • Domain Text Import: additional fields are supported by the batch import procedure.
  • New API “Mark For Release” is now available
  • Add Blacklist link now available in the Digest Report actions

Security

  • Updated Content-Security-Policy header
  • CentOS security repository migrated to Libraesva Extended Support service

Improvements

  • Microsoft 365 Threat Remediation: migrate from EWS to Graph API
  • Threat Remediation: Domain Admin/Multi Domain Admin can “Recall” messages from their domain
  • Add “Quarantine Report” option to IMAP/POP3 Set
  • Users can “Mark for Release” a message also from WebUI
  • Additional search options in Password-less Authorized Devices list
  • More reliable cluster wizard procedure

Bug Fixes

  • Distributed setup: reload license on slave nodes after configuration push
  • Preserve hosts file after hostname change
  • Properly show hosts file record from WebUI
  • Fixed Backup and Restore of DKIM configuration
  • Search: fixed a bug that may cause different records to be displayed in message detail
  • Custom Spam Rules can be applied also on a single address
  • Properly apply “AntiSpam Engine Processes” configuration after change
  • Clean exported csv of relay domain from spurious columns