5.0-2-6

Update for F-Secure Antivirus
With specially crafted archives it was possible to trigger a buffer overflow.

Signature updates of Kaspersky Antivirus
The update fixes problems with the signature update process some customers reported since the previous update. We also have
been able to speed up the update process again.
If you mirror Kaspersky signatures for scanners in your local network, please contact technical support.

SPAM folder and relay SPAM filter
Now the new SPAM folder which has been introduced by the previous update will also work when the relay SPAM filter is enabled.
Minor bugfixes and improvements
5.0-2-5

TIFF image library
A buffer underflow has been discovered in the TIFF library. The SPAM filter uses this library for its text recognition feature
(OCR).

New greylist operation modes
Greylisting is a very effective measure against SPAM. It can be used when inbound mail is received with SMTP and there's no
upstream relay, i.e. a DNS MX record points to the system. By design, greylisting will delay inbound mail. The three new operation
modes introduced with this release aim at a reduced number of delayed messages in order to grow the acceptance of greylisting.
In the mode with the least impact, an email has to pass greylisting only if its sender IP is listed in one of the well-known
DNS blacklist databases of dynamic IPs and SPAM senders. In this mode, greylisting should not affect normal operation in any
negative way. However do not expect better SPAM recognition either, as usually the SPAM filter would have considered the same
blacklists anyway. The major benefit is a reduced system load. A SPAM mail which has been defeated by greylisting doesn't
need to be analyzed by the virus scanner and the SPAM filter.
There's also a special mode for systems which have to accept any recipient address in its local domain. This may have been
configured on purpose (catch all mailbox) or because there's an internal mail server which doesn't support verification of
recipient addresses (e.g. Exchange 2000 and older). In this mode greylisting will take the sender address of each outbound
mail and permit it as recipient for inbound messages. In almost no time inbound mail to active addresses will no longer suffer
from delays, whereas mail to other recipients has to pass greylisting. This will particularly hit SPAM sent to random recipient
addresses.
Finally with the third new option, sender and recipient of each outbound mail will be taken, reversed and accepted for inbound
mail. So greylisting will not affect replies and any further message exchange between those addresses until the entry expires.
This mode should also be interesting for those who already use greylisting.

Increased default greylisting timeout
The default value of the parameter "Timeout after last use" has been increased from 5 to 20 days. Systems using the old default
of 5 days will automatically switch to 20 days. If a different value has been configured, no change will be made.

Extended ADSL fallback
For the case of trouble with the ADSL line, support for ethernet interfaces as fallback has been added. Furthermore the email
address for fallback notifications is configurable now.

New name server release
The new version includes optimizations of the security patch of release 5.0-2.3.

New release of Kaspersky Antivirus
The new version includes a major speedup of the signature update process.

Extended notification by mail client
The mail client notifies the local administrator by email when it encounters a problem while retrieving mails. The amount
of causes triggering such notification has been extended with this release.

Predefined IMAP / Webmail folder for SPAM
On request, mails which have been classified as SPAM can be delivered to a separate SPAM folder. This folder is accessible
to IMAP and webmail users. The new setting is configurable per user.

Configurable message format for classified SPAM
As before, an email which has been tagged as SPAM will by default contain a preview of the original contents and a detailed
breakdown of its SPAM score. The original message is enclosed as attachment. It is now possible to have the original contents
forwarded, too. The message headers will then contain more information on the score. To denote the mail as SPAM, a prefix
will still be added to the email subject.

SPAM filter signature database
The new signature set has been tuned with respect to performance.

Header match option for userdefined SPAM filter rules

Possible crash of the bzip2 compressor
Minor bugfixes and improvements
5.0-2-4

Firewall and slow name servers
Since the previous name server update, queries running for more than 30 seconds are intercepted by the firewall. On systems
with an enabled dynamic firewall, it could even happen that the name server was locked out completely. This updated increases
the firewall's timeout for UDP replies.

Web proxy stopps
If proxy authentication is enabled and a list of exceptions is defined, the web proxy exits from time to time. The problem
occured since release 5.0-2.0.
Minor bugfixes and improvements
5.0-2-3

Security update of the name server
A newly discovered flaw in the DNS protocol itself makes cache poisoning attacks probable again. With the new version, DNS
queries will be sent using random source ports. This measure is said to make attacks unlikely.

IDS stopped on permanent ADSL connections
After a hangup of a permanent ADSL connection, the Intrusion Detection has been stopped.

IPSec L2TP support for Windows Mobile
Up to now, connecting Windows Mobile clients was not straightforward, as Windows Mobile doesn't support PAP authentication.
It is now possible to store a fixed "system-ras" password in cleartext, so Windows Mobile clients can be authenticated using
CHAP or EAP MD5.

Terminate LDAP server via network
With a specially crafted packet it was possible to shutdown the LDAP server.

Mirroring McAfee signatures for local scanners
Some McAfee update servers offer signature files with a wrong capitalization. Local scanners will not be able to update from
the local mirror of such a server.
As the problem persists we decided to offer a workaround. After mirroring, copies of the signature files in various capitalizations
will be created.
Minor bugfixes and improvements
5.0-2-2

Security fix for the perl interpreter
A vulnerability has been reported related to the processing of UTF-8 characters.
Minor bugfixes and improvements
5.0-2-1

Temporary SMTP error while processing virus mails
Due to a software incompatibility in release 5.0-2.0, incoming virus mails will be rejected with a temporary error code. This
shouldn't be a problem with mails received by SMTP. However when retrieving mails from a POP3 server, it will finally end
up in retrieving virus mails only as in each poll a limited amount of emails per mailbox will be fetched.
Systems updated to 5.0-2.0 after 2008-06-10 are not affected.

SPAM score now in email subject
When tagging an email as SPAM, the SPAM filter now adds the SPAM score to the subject. Sorting emails by subject in your mail
client will sort SPAM mails by their score.

User details import from Active Directory
The Active Directory user import feature will now copy user deails such as email address and phone numbers, too.


