NoSpamProxy 12.2 Schneller Kanal/Fast Channel

New / Changed

• Support SwissSign Silverlight without Common Name and Country
• PDF URL detection and content filter handling
• Change default encryption and hashing options for AS2 send connector

Fixed Issues

• Email could not be sent if large files were uploaded using upload button in Outlook Add-In
• CYREN IP Reputation Service could not be started
• Greylisting action executed in webportal emails
• PGP key is not imported if PGP signature shouldn’t be removed
• Possible word filter false positive if word contains an “m” or “v” and obfuscated words should be found
• Level of Trust address pairing bonus points is incorrect
• No line break for content filter upload hints in HTML mails
• Attachment name is not correct after Web Portal Upload
• Excel document with OLE object is not detected correctly
• SwissSign validation still requires an Organization when ‘Silver’ certificates are requested
• Stackoverflow exception in partners view if too many partner keys are defined.
• Error while processing content filter conditions by the filename condition “winmail.dat; “
• Attachments in winmail.dat are not removed
• Merged PDFs with dangerous content are not disarmed

New / Changed

• Support SwissSign E-Mail ID Silver certificates without Organisation

Fixed Issues

• Error in “S/MIME and PGP validation and decryption” action. Parameter is not set.
• Signature of the email is invalid if it contains another email with text/plain body as attachment
• Duplicate entries in Gateway Role DNS cache
• DKIM signature is invalidated if subject flags are used
• Localization: Double entry in preferred technology by partner user
• Error message “An item with the same key has already been added” during AD Synchronization
• EdDSA signature has been removed from email
• DNS cache invalidation not working properly with multiple entries that have a different TTL
• Greylisting doesn’t work correctly if the email has been put on hold for content filtering
• Spelling mistake in notification of missing certificates
• Email attachment is not protected if auto-encryption and mail to PDF in rule
• Updated Keys reference to fix a NullReferenceException
• Get-NspLargeFiles does not output the field ContentType
• TNEF: Decrypted attachment has an unexpected name and file format
• Cache for trust points for sender domain is not updated

New / Changed

• Distinguish between Excel/Word 97-2003 (xls, doc) files with and without macros
• Add a hint to the PDF header in a PDF Mail that the Acrobat reader is required to access attachments
• One temp folder for everything by Cyren service
• Detect OLE objects in office documents
• Support signature validation of mails which were incorrectly serialized (lone LFs in mail, but signature expected CRLFs)
• Support SwissSign E-Mail ID Silver certificates without country

Fixed Issues

• Level of Trust is not updated with the correct date
• Error “Specified padding mode is not valid for this algorithm” when building certificate chains
• No error message if Web Portal files waiting for approval can’t be downloaded
• Receive connector IP blocking is still enabled if protection feature is not licensed
• Cyren reference ID is not set in message track if email is put on hold
• Date by Level of trust domain bonuses are not updated if it is already 100 bonuses
• S/MIME encrypted winmail.dat mail is not decrypted
• Multiple email addresses are extracted from email header if the display name is the email address and surrounded by apostrophes
• Error when uploading GZIP compressed XML to Web Portal: This operation is not supported
• Public key is removed from email even if removal of signature is disabled and key harvesting is enabled
• PGP signature verification fails when the PGP key has a non-self-signed UID
• PGP signature is removed by ‘Remove SMIME signature’ option
• Logging for D-Trust certificate provider is not working
• D-Trust certificate provider info text for required action references the wrong action
• GZIP files are not detected by content filter with wildcards

New / Changed

• Edi@Energy: Use SHA-256 in RSAOAEP padding for S/MIME encryption
• Add mime type detection for AutoCAD files
  • *.dxf – Drawing Interchange Format or Drawing Exchange Format
  • *.dwt – Drawing Template
  • *.dwg – Drawing
  • *.dwf – Design Web Format

Fixed Issues

• Mime type detection for Office XML documents fails for XML documents with incorrect encoding

New / Changed

• Checks for Address Pairing bonus points

Fixed Issues

• Outlook Addin: Corporate design is not applied in Outlook Addin.
• Email could not be signed. The specified handle is invalid.
• Get/Set-NspPartnerAddressTrust not working correctly
• Word/Excel/PowerPoint XML documents are not handled by the Content Filter
• Message Tracking clean-up slows down replication of new Message Tracks
• Trust configuration could not be saved by partner
• Content disarm failed: Illegal characters in path
• Domain trust entry is deleted even if it contains trusted subnets
• Level of Trust address pairing bonus points are shown incorrect in message track
• De-Mail address rewriting is removed from imported users if there are two automatic user imports with De-Mail address rewriting
• ‘Illegal characters in path’ error in SMIME and PGP inbound action
• Exception of type ‘Netatwork.NoSpamProxy.Security.CertificatePasswordInvalidException’

Fixed Issues

• Ribbon in Outlook is throwing errors on emails with certain attachments
• Error by signing a message. Access denied. Added fail-safe when access to an RSA key container fails
• Email could not be decrypted: Cryptographic Exception
• Exported PGP public key can’t be published to MIT PGP Key Server
• DNS cache invalidation not working properly with multiple entries that have a different TTL
• AD import uses insecure connection to Active Directory
• Intermittent Address resolving issues in Outlook Addin with auto-completed address entries
• Outlook Addin is missing appropriate trace output to debug faulty customer configurations
• NoSpamProxy makes two calls to Cyren CTASD per mail
• Address pairing trust bonus is given to a wildcard entry
• Outlook Add-In: No reply link is added after configuring a new reply link in the add-in.

Fixed Issues

• Header still contains p7m instead of p7s after decryption
• Gateway Role always uses the external Web Portal URL to upload files even if an internal URL is configured
• Empty text mime parts are detected as application/octet-stream and possibly blocked/removed by the Content Filter
• Error “Collection was modified; enumeration operation may not execute.” when starting the Gateway Role
• Exception of type “Netatwork.NoSpamProxy.Security.CertificatePasswordInvalidException” when requesting a certificate
• Management Console: Word Filter crashes under certain conditions
• Memory leak in mime type detection for legacy office documents

Fixed Issues

• Special characters in text files are broken after encryption
• Transfer encoding is changed from base64 to quoted-printable for text attachments
• Setup fails when updating the Intranet Role database because the SQL transaction log fills up the hard disk

New / changed

• Overwrite ‘City’ field in certificate requests for D-Trust
• Remove ‘City’ and ‘State’ as a required field for D-Trust Enterprise and Team certificates

Fixed issues

• SMTP send timeout is not configurable
• Content filter changes are not active immediately
• Password protected Excel files (*.xlsx) are not processed by the Content Filter
• Search for trust level in partners does not work properly
• NullReferenceException when requesting a password reset via the Web Portal
• Duplicate notification in case of failed CDR
• Word filter only checks the first 4KB of the email body
• Error when removing user fields: “The requested resource was not found.”
• Put on Hold emails are send again by incoming emails
• Incomplete SMTP response when a PTR record cannot be resolved
• Mime type detection for binary files renamed to *.txt not always works correctly

New / changed

• Updated .NET Requirement to 4.7.2
• Improved Message Tracking database cleanup
• Improve detection of auto generated messages in Level of Trust
• Powershell Cmdlet Get-NspMessageTrack has now parameter for IP filtering

Fixed issues

• No automatic cryptographic key enrolment request is generated if an inactive certificate is still valid
• Autoencryption status for generate and save partner password is missing in Message Track
• If an archive connector is configured without creating the folder on the Gateway Role, no mails are archived and no error message appears
• Under certain circumstances “Antivirus scan not possible at the moment” error message appears after uploading large files to the Web Portal
• Under certain circumstances HTML attachment is renamed to “Attached File.txt”
• Partners view displays the same domain multiple times with different capitalization
• Reputation filter MAIL FROM/Header-From mismatch test in absence of DMARC doesn’t check multiple From headers
• DSN bonus is not given for simple DSN
• Under certain circumstances an attempt to put a mail on hold failed
• Under certain circumstances an attached PDF is not encrypted if Autoencryption is required
• When the Gateway Role deactivates a certificate, the new state is not replicated to the Intranet Role
• Under certain circumstances exact match filter for body in Disclaimer does not work
• Web Portal setup: WebPortal.config cannot be accessed and could not be upgraded
• Large files search fails when using more than one filter criteria: The parameter ‘f’ was not bound in the specified LINQ to Entities query expression.
• Missing partner passwords are not replicated to the Web Portal
• Email was delivered although CYREN antivirus rejected the email
• Base64 content with empty lines in between the data can’t be decoded
• PDF conversion failed, but mail is successfully delivered
• Email attachment is not protected with a password if the email is auto-encrypted using S/MIME or PGP
• Files considered too large can’t be removed by the user on the Web Portal
• NoSpamProxy Console crashed when double clicking on an allowed language plane in filter “Allowed Unicode language planes”
• Cyren reference ID is not set in exported Message Track
• Word matching filter gives positive results for encrypted email
• User names are sorted alphabetically during a manual certificate request
• Status of Level of Trust is disabled in Message Track but is enabled in rule
• Certificate enrolment request fails with “Bad Version of provider.”
• dotNet could not be downloaded during Web Portal Installation
• SwissSign product type “Silver Light” has been renamed
• Certificate harvesting option can not be deactivated
• Action “Extract certificates” does not work with signed/encrypted mails
• Cannot decrypt a PGP-Inline encrypted mail
• Outbound notification for encrypted mails uses incorrect sender address
• Large logos are truncated in the PDF header of PDF Mails
• Error message when closing the MMC (TaskCanceledException)
• Many “Invalid logon attempt” messages are recorded in the Security EventLog
• Content-Transfer-Encoding uuencode not supported for attachments
• Column ordering of domains in DKIM keys Fails
• Certificate request can’t be completed because the private key can’t be read
• Web Portal upload failed: Sequence contains more than one matching element
• Default algorithm is Aes256 instead of Aes128
• MMC crashes when an invalid template was configured on the D-Trust certificate Provider
• File synchronization between two Web Portals not working for files >2GB
• Outbound emails from Office 365 are not accepted because the certificate validation fails

Fixed issues

• Outbound emails from Office 365 are rejected with “Unable to relay”

New / changed

• Implement efail mitigations

Fixed issues

• Automatic user import – Generic LDAP doesn’t use search path for group search
• Active Directory group lookup does not work: The distinguished name contains invalid Syntax
• Email is sent multiple times if the SMTP server takes very long to respond to commands
• Partner password can’t be changed using the Web Portal
• Web Portal mails always using external URL if attachment is uploaded to Web Portal
• Domaintrust is increased although it is set to statically Zero
• Domaintrust maintenance run never finishes if DNS requests time out for some Domains
• Performance Counter for Queues maybe incorrect after a service Restart
• Public Suffix List caching doesn’t work for Spam URI Realtime Blocklists filter
• RTF mails converted to PDF contain a winmail.dat attachment
• After removing a corporate users active certificate no certificate is active
• Sandbox response for already uploaded but not yet analysed files is not processed correctly
• Large files filter for sender/recipient and status not working correctly
• Plain text attachment is detected as application/octet-stream
• UTF-7 encoded mail with Base64 encoded attachment can not be decoded
• No HTML file with download link after inline image is uploaded to Web Portal
• Email to PDF conversion adds hint for pin to PDF even if all attachments are uploaded to the Web Portal