NoSpamProxy 13.0 Regular Channel
We have released version 13.0.19204.1650 on August 06th, 2019. This version is an upgrade release where the following bugs are fixed and new features are added or changed.
NOTE: As of update version 12.2.18253.1152, a script for cleaning up the message tracking is included, which deletes orphaned entries in the database and from version 13.0.19169.1943, a script for improving Table Indexes was added. These may cause the setup not to respond for a some time during database update. The setup must not be aborted and must run until completed. Please schedule a longer upgrade period for this.
NOTE: If the Protection module is licensed, it is possible that the Cyren services do not work and no viruses and spam checks are performed after the update to version 13, although the NoSpamProxy license itself has been correctly validated. To correct this, in the NoSpamProxy Management Console go to Configuration/NoSpamProxy Components/Gateway Roles, select the gateway role(s) and click on Synchronize configuration.
It is possible in combination with some domain names, that the Reputation filter will block emails due to an obfuscated owned domain. Only in this case we will recommend to reduce the SCL Points to maximum 2 SCL Points (default is 4 SCL Points) for the test 'Header-From' is an owned Domain at the Reputation filter, to be found on the tab Filters at the applied rule, on tab 'Header-From' Tests. This will be improved within the next major version. Example: Owned Domain = example.com, but the Reputation filter will also detect my-example.com as an obfuscated owned domain.
includes changes and bug fixes from Fast Channel Version 13.0.19197.1833, listed below
New / Changed
From 13.0.19197.1833
- URL Safeguard: configuration info for host and URLs in attachments rewriting
Fixed
- Could not assess the current license usage. Object reference not set to an instance of an object
- Rescan of quarantined Web Portal files fails: Final output block size must be at least 56
- Reputation filter blocks De-Mail notifications if substring match tests are enabled
- URL Safeguard does not rewrite some links calendar invitation
- URL Safeguard: Wrong detection of URLs in outlook calendar invitation
- URL Safeguard: /n is included in link
From 13.0.19197.1833
- Cyren IP reputation filter error: The value must not be NULL Parameter name: input
- Load data in message track takes too much time and url safeguard shows wrong information
- Missing provider name if eventlog with id 3583 is created
- Cyren URL Classification filter does not detect malware links in encrypted emails
- Calendar request inside of a winmail.dat is not detected and the email is signed
- A PDF attachment with an attachment that has an undefined content length cannot be processed correctly.
- Quoted printable encoded PDF is not disarmed correctly.
- Wrong padding is shown for encryption/decryption in message track
- Validation policies could not be saved in SMIME and PGP validation action
- An unexpected error occurred, and the Intranet role is shutting down
- Could not assess the current license usage. Object reference not set to an instance of an object
includes changes and bug fixes from Fast Channel versions 13.0.19149.1743 and 13.0.19147.917, listed below
New / Changed
From 13.0.19147.917:
- Enable Cyren URL classification service by default in SURBL Filter
Fixed
- Outlook Add-in is sending text message even if the user has disabled this function
- Wrong error message when importing PGP secret key
- PDF Mail tab in partner user settings missleads a user
- URL Safeguard timeout if the HTML body contains a large amount of URLs (4000+)
- Header-FROM/TO contains an @ sign outside of an email address
- Emails are accepted if an error occurs that is not a timeout and the validation timeout handling is set to "Accept".
- Cyren Antispam/Antivirus service is not responding until the Gateway Role is restarted
- Exception in error message of executed URL Safeguard action: "An item with the same key has already been added
- Spam Uri Realtime Blocklist filter checks URLs without protocol against blacklists
- AES-128-GCM and AES-256-GCM encryption algorithms are missing from the inspection report
- Level of Trust fixed domain bonus for freemailer domain is not granted
- Outlook calendar invitation contains lines longer than 75 characters after URL Safeguard has rewritten URLs
- URL Safeguard and Spam Uri Realtime Blocklist filter detect URLs in calendar invites if the lines in the invite have been folded
- Message Track displays "No bonuses where granted because the email was not authenticated" if Level of Trust is configured to require authentication only for the domain bonus
- Powershell CmdLet Get-NspEmailOnHold doesn't include emails waiting for content filter processing
From 03/13/19149/1943:
- Spam URI Realtime Blocklists filter also detects email addresses as URLs
- Level of Trust subject bonus is granted for free mailer addresses
- Alert to the Administrator about license validation failed
- Content filter treats folders inside of zip archives as empty files with mime type "application/octet-stream" and without file name
- PDF document is corrupted after content disarm
- Attachments without filename can't be uploaded to the Web Portal: Value cannot be null, parameter name: filename
From 13.0.19147.917:
- Change supported Outlook Version from 2007 to 2010 Service Pack 2
- Incorrect charset detected after decrypting a PGP encrypted text attachment
- PGP signature validation fails if the signature contains a non-standard issuer-fpr subpacket
- Self-signed pgp key created in kleopatra could not be imported
- Self-signed pgp public keys could not be imported
- If a public key lookup service is not responsive, mailflow may be interrupted
- UI incorrectly states that the 13.0 already scans links for PDF documents
- Email without signer infos is displayed as signed and unmodified in Message Track
- License on Gateway Role and Web Portal becomes invalid after 30 days even if the license server successfully confirmed the license
- Retrieving Level of Trust domain bonus causes error: Object reference not set to an instance of an object
- URL Safeguard: Exception when reporting misclassification
- Dialog with error by configuration of AD enrolment
- Target host missing from Message Track delivery attempt if email is temporarily rejected
- ResettableCancellationToken not properly disposed
- Message Track displays "No bonuses where granted because the email was not authenticated" if Level of Trust is configured to require authentication only for the domain bonus
- Outlook Add-in does not create HTML file
- Get-NspMessageTrack missing TLS information
- Email is supposed to be rejected due to a validation timeout but is delivered to the recipient if the email is put on hold by the Content Filter
- Failed to create an address rewriting entry
- Outbound automatic reply is not sent if the email is signed, encryption is required, and PDF Mail is used as fallback encryption
- PGP encrypted email could not be decrypted: Invalid header line
- Calendar invites from O365 are not detected properly and signed, even if signing of calendar invites is disabled
- An unexpected error occurred while signing or encrypting a message
- URL Safeguard creates visited URL replication artifacts with empty recipient that can't be processed by the Intranet Role
New / Changed
- Cyren URL classification service in Spam URI Realtime Blocklists
- Make Greylisting Action independant from Cyren IP Reputation
- DKIM generator: split RSA and ed25519 into separate textboxes
- PDF URL detection and content filter handling
- Change DNS resolution for the OData endpoint
fixed issues
- Impossible to use "Cyren URL classification service" alone
- Web Portal file store permissions hint doesn't include required "Modify" permission for NT Service\NetatworkMailGatewayFileSynchronizationService user
- Base64 encoded mime parts are not encoded correctly after being processed by URL Safeguard
- Web Portal settings can't be saved if neither PDF Mail nor Large Files is available
- Owned domains could not be associated with new created Office 365 tenant
- Self-signed pgp public keys could not be imported Multipart/Mimepart encoded with UUEncode cannot be parsed.
- SMIME signature validation is not successful and email is marked as "probably modified" Default values for
- PSS certificate are not used Emails with different case sensitivity could be added in filters of email flow
- Web Portal File Replication Service: Object reference not set to an instance of an object.
- Base64 decoding fails if the base64 content ends with a line of tab stops
- MessageTracking is not cleaned up properly and fast enough (StackOverflowException)
- Mime type detection for XML files sometimes takes 100 seconds per file
- Email with JavaScript in PDF could not be processed
- Email could not be signed if root imported after user certificate
- Outlook calendar invites are modified, and the calendar part is not displayed in Outlook after being processed
- Wrong info in message track if URL tracking is disabled
- Intranet role cannot communicate with WebPortal with TLS 1.2 only
- PDF document with UTF-8 with BOM encoding is detected as text/plain
- Emails are accepted if an error occurs that is not a timeout and the validation timeout handling is set to "Accept".
- URL Safeguard swaps domains in enQsig links without checking if it contains own domain
- Fraud action: Checkbox for "Ignore emails on trusted partner" does nothing
- Web Portal File Replication Service: Object reference not set to an instance of an object.
- IssuedTo is not set or shows type name by user certificates
- Reputation Filter "'Header-From' is an owned domain" test tries to validate email addresses in the display name
- Documentation on reputation filters not sufficient
New / Changed
- Add content filter mime type encrypted PDF
Add content filter mime type unprocessable pdf files
fixed issues
- NDR or out-of-office messages are not detected as being sent from a corporate email server if "SPF protected local address" is used
- De-mails are not routed if there is no De-Mail connector
- GET-NSPCERTIFICATE cmdlet displays only SubjectCN instead of SubjectDN
- Word Filter: behavior if none of the words are found
- PDF restrictions are swapped
- Padding is invalid and cannot be removed
- URL detection in PDFs causes external process to appear with high cpu load
fixed issues
- Double issue if number of De-Mail domains permitted in license is exceeded
- DKIM keys are not re-encrypted if the sensitive data protection password is changed
- All features are disabled in license on Gateway Role after update to 13.0
- Encrypt pdf with password in subject flag does not work
- Failed to announce a new replication partner. Error: Only parameter-less constructors and initializers are supported in LINQ to Entities
- Status of the CYREN integration service could not be determined
fixed issues
- [URL Safeguard] Domains are not rewritten if they contain international characters
- WebPortal setup could not be downloaded over the link in mmc
- Different error status from DNS with enabled/disabled TLS cert validation
- Email is not signed with pgp key if key for partner not active/exist but smime is active
- Sandbox usage is counted incorrectly
- No DKIM keys can be created for domains shorter than 8 characters
- Attachments having a filename without extension can't be scanned by Cyren when uploaded to the Web Portal
- DKIM: CNAME reference for ECDSA key is wrong
- Configuration error in WebPortal.config after updating to 13.0
- Password selection "Use the password supplied by the sender" for the "Protect attachments with a password" action always generates a new password if no password is supplied
- Large files file name is truncated to 64 characters
fixed issues
- Check for an updated license doesn't work after it failed once because no gateway role could be reached
- Better wording in tooltip for outbound Large File links (content filter action)
- Punctuation mistake and inconsistency in 'License update failed' dialog
- Exception occurs during the validation of SMIME messages
- Online license could not be validated after update to 13.0
New / Changed
- Option to archive files modified by the content filter Replace keywords in an email with a disclaimer
- Sandbox
- Better support for a large number files in the Web Portal
- Better user experience with partially deleted messagetracks
- automatic license management
- Message tracks now contain the SHA-256 hashes of attachments (not visible in message tracking)
- Improved display of the Level of Trust details in the Message Tracking
- Removed INPS Blacklist
- Edi@Energy: Use SHA-256 MFG with RSA-OAEP
- URL Safeguard
- Report False Positive emails to Cyren from the Message Tracking
- Report False Positive and Negative Urls in a Message Track
- Discontinued Proxy Mode for inbound mails
- CxO Fraud action
- Administrative alert when the database is nearly full
- More types in file type detection
- Protect large files with a password
- Consolidated all malware scanners into a single action with better failure handling and administrative alerts
- Remove LAB Status from ICAP supports
- Remove LAB status from PDF Content Disarm
- Partial S/MIME support (AES-GCM)
- Sign with DKIM EdDSA keys
- Revamped UI for the Content Filter Action
- Improved performance in message tracking searches
- Extension of Reputation filter (Header-From and Header-To)
- Heimdall (action in rule)
- Extension of E-Mail Notifications
fixed issues
- Email with virus is not blocked if host to ICAP could not be resolved
- Error "Value cannot be zero. Parameter name: input" when email is processed by "S/MIME and PGP validation and decryption" action
- De-Mail permissions are not replicated to Gateway Role
- Fixed issue with legacy license settings in config file
- Signature of the email is invalid if another email with text/plain body attached
- Duplicate entries in gateway role DNS cache
- DKIM signature is invalidated if subject flags are used
- Fixed incorrect display of level of trust information (If the sender IP was trusted, the sender was still not displayed as authenticated)
- A potentially dangerous Request.Form value was detected from the client
- Error message "An item with the same key has already been added" during AD Synchronization
- EdDSA signature has been removed from email
- Missed ValidationTimeoutHandling parameter by Set-NspSmtpProtocolSettings
- DNS cache invalidation not working properly with multiple entries that have a different TTL
- Greylisting doesn't work correctly if the email has been put on hold for content filtering
- User certificate is not imported if root/intermediate not exists or in quarantine
- Get-NspLargeFiles does not output the field ContentType
- Certificate is valid despite of quarantined root and intermediate certificates
- Greylisting action will be executed even if email is trusted
- Object reference not set to an instance of an object
- Email attachment is not protected if auto-encryption and email to PDF in rule
- Email cannot be decrypted due to Null reference exception
- ERROR while "Discover DNS settings"
- User field could not be added: Internal server error
- TNEF: Decrypted attachment has an unexpected name and file format
- Cache for trust points for sender domain is not updated
- NullReferenceException when updating default partner settings
- CYREN IP Reputation Service could not be started
- Greylisting action executed in web portal emails
- No activity for "Applied disclaimer" in message track
- PGP key is not imported if PGP signature shouldn't be removed
- Possible word filter false positive if word contains an "m" or "v" and obfuscated words should be found
- Word filter does not block obfuscated words
- Attachment information are removed from MessageTrack JSON after content filtering
- Word filter message contains word with bracket in message track
- Level of Trust address pairing bonus points is incorrect
- No error message in Message Track if Cyren service is not responding
- No line break for content filter upload hints in HTML mails
- Email could not be signed if root imported after user certificate
- Connection to SwissSign CA cannot be established
- Attachment name is not correct after Web Portal Upload
- Cannot add a new gateway role altough limit of additional servers has not been reached
- Partner with user settings and without domain settings is not shown in partners view
- Synchronization process with other Web Portals failed
- License is marked invalid although everything is okay
- Excel document with OLE object is not detected correctly
- Wrong number of users displayed in partners
- CYREN IP Reputation Service could not be started
- Synchronization process with other Web Portals failed unexpectedly
- Zip file entry with invalid filename causes Content Filter failure
- DNSSec validation should not be performed for inbound connections
- Exception by extreme long name in user fields
- Email addresses with display name are not parsed correctly if the display name contains a different email address
- Special characters in 8bit encoded mime part are replaced with ? after signing
- An error ocurred while checking a mail: The value must not be NULL. Parameter name: pattern
- Corporate user search doesn't search description field
- Content filter message size limit is applied to announced message size if content filtering is disabled in rule
- Activities for SMIME decryption/encryption do not display padding mode
- Encryption algorithm mode is not displayed in case of CBC
- Email is not blocked if message limit is used
- Target Info is missing on General tab in message track
- If content filters are defined for partner and corporate user, CDR and sandbox settings are not considered when comparing actions
- Content filter and action are not sorted
- Attachments in winmail.dat are not removed
- After merging pdf files final PDF is not disarmed.
- Encryption padding in Message Track is incorrect for inbound emails if OAEP padding is used
- Encryption padding in Message Track is incorrect for outbound emails if EDI@Energy compliance is used to ensure valid encryption algorithms