PureMessage for Microsoft Exchange 3.0.1 release notes ------------------------------------------------------ Product version : 3.0.1 www.sophos.com Important information you need before installation -------------------------------------------------- * For information about system requirements, installation and uninstallation please refer to the PureMessage Startup guide. * You can upgrade from Sophos PureMessage for Windows/Exchange, version 2.6.1 and later Sophos PureMessage for Windows/Exchange (Small Business Edition), version 2.6.1 and later. If you are upgrading your existing PureMessage installation then please read the Upgrade guide before installation. We recommend reviewing the minimum and recommended system requirements prior to upgrading. You cannot upgrade a version of PureMessage that includes both anti-virus and anti-spam support to a version that includes only anti-virus support. * Exclusion of Microsoft Exchange and IIS related folders from desktop virus scanning (as recommended by Microsoft). When you install PureMessage, Sophos Anti-Virus is also installed (if not already present) and on-access virus scanning starts automatically. However, PureMessage excludes certain Microsoft Exchange and IIS folders from virus scanning as recommended by Microsoft. When PureMessage is uninstalled these exclusions are not removed. See http://www.sophos.com/support/knowledgebase/article/12214.html for more information about the folders that are excluded. * The \Temp folder under the PureMessage installation folder is also automatically excluded from virus scanning. However, when PureMessage is uninstalled this exclusion setting will be removed from Sophos Anti-Virus. * Microsoft Windows clustering support: Active/Active clustering configurations are not supported. For Active/Passive clustering configuration information, please refer to the "Support for Windows clusters" section in the Startup guide. Clusters with Exchange 2007 installed in Cluster Continuous Replication (CCR) mode are not supported in this release. Sophos plans to add support for this clustering model in a future version of PureMessage. Clusters with Exchange 2007 installed in Standby Continuous Replication (SCR) mode are also not supported in this release. * The installation program will restart IIS and Microsoft Exchange services (if present) during the installation. Under certain circumstances it may also require the computer to be restarted. * Windows 2003 Security Configuration Wizard If the Security Configuration Wizard (SCW) is detected on your system, then the installer will register a PureMessage knowledge base and start SCW when installation has completed. If you use SCW to harden your system, then you should run the wizard once the PureMessage installation has completed, and check the PureMessage option to allow access via the firewall. This will create an appropriate policy for you to apply. Contents -------- New in this version Main features Known problems Additional information New in this version ------------------- * PureMessage has been localized in Japanese. * This version fixes a problem in which some messages result in a Non-Delivery Report (NDR) loop after being processed by PureMessage. * This version fixes a problem in which some messages are not delivered after they are processed by PureMessage. * This version fixes a problem in which PureMessage fails to add a disclaimer to some outbound messages and reports an error (0x8003001D) in the SMTP log file. * This version fixes a problem in which Exchange store scanning reports an application error when scanning certain messages in the store. Main features ------------- * Support for Microsoft Exchange 2007 and the 64-bit version of Windows Server 2003. * Integration with Active Directory for use within email policy. * Ability to apply email policy to a specific email direction (inbound, outbound and internal). * Ability to detect Potentially Unwanted Applications (PUAs). * Ability to monitor and manage multiple PureMessage instances from a single console. * User interface with a new email security dashboard and activity monitor. * Graphical reporting with 25 management reports. * Ability to search for phrases in email body and attachments using wild cards and regular expressions. * Ability to block files by name or by their True File Type (TFT). * Ability to add disclaimers to outbound messages. * PureMessage spam rules are updated from Sophos every 5 minutes with small update packages to provide a better spam capture rate. More information can be found in the "Additional information" section found below. Known problems -------------- * When installing on a Exchange 2007 cluster, the installer requires that a Microsoft Distributed Transaction Coordinator (MSDTC) resource be present on the cluster. The MSDTC resource can be removed after PureMessage installation completes. * If you install PureMessage on a computer in a workgroup you cannot use a MS SQL server database located on a different computer (that is, remote database). You can specify a remote database during installation, but PureMessage does not set the necessary access rights. In this case please contact Sophos technical support for a workaround. * During installation, you can specify the MS SQL server you want to use. If you click "Browse" to browse to the server, the browser dialog may not list the MS SQL Server database instance that you wish to select. In this case, type the database name into the text box provided in the format \, e.g. MYDBSERVER\SOPHOS * During installation, when you specify the MS SQL server, the installer may fail to connect to the chosen MS SQL server database instance. In this case, you should: a) Ensure that the MS SQL server computer is in the same domain as the current machine. b) Ensure that the instance name is correct. c) If you are using a MS SQL Server 2005 database located on a different computer (remote database), then, using the MS SQL Server Configuration Manager, enable the TCP/IP protocol for the database instance and start the SQL Server Browser service. * The installer may fail with an error "Setup was unable to create the PureMessage databases". This can happen if in the past you have uninstalled the "SOPHOS" database instance from MS SQL server or uninstalled MS SQL server itself. In this case, delete the following files from the [MS_SQL_INSTALL_FOLDER\MSSQL.x\MSSQL\Data folder. SavexCnfg.mdf SavexCnfg_log.ldf SavexDir.mdf SavexDir_log.ldf SavexQuar.mdf SavexQuar_log.ldf SavexRprt.mdf SavexRprt_log.ldf * When using a database on a different computer (that is, remote database, or virtual MS SQL Server instance on the same cluster but a different node) the PureMessage service may sometimes fail to connect to the database because Windows authentication has failed. Possible reasons are: a) The DNS is not correctly setup. b) The time is not synchronized on the two computers. c) The ServicePrincipalName property in Active Directory is missing the entry for that MS SQL Server instance (this may happen if MS SQL Server was installed using a local administrator account without rights to write to the Active Directory). Contact Sophos technical support for more help to identify the problem, or to use SQL Server authentication instead of Windows authentication. * Tags added to email subject lines (if you set up "Email tagging") may be displayed as question marks. This occurs when all the following conditions apply: a) The subject tag contains extended characters, such as Japanese text. b) The message is encoded in TNEF, which requires that it is sent from a MAPI mail client and is internal to the organisation. c) The message is encoded using a character set that doesn't support characters specified in the subject tag. d) The message is viewed with a mail client that uses the multi-byte subject property rather than the wide-character subject property. For messages sent from Outlook Web Access with Exchange 2003, the issue can be resolved by modifying by setting the registry value UseRegionalCharset in key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA to zero. See http://support.microsoft.com/kb/830827 for details. * PureMessage installation fails on a cluster with "extended" characters in the group or resource names If the group or resource names use "extended" characters, e.g. if Japanese resource names are used in a system with an English locale, installation fails. See http://www.sophos.com/support/knowledgebase/article/31777.html for advice on solving this problem. * Application error alerts are delivered to the wrong email address PureMessage delivers application error alerts to the address specified in the "Sender email address" field on the "Email addresses" tabbed page in the "Alert Configuration" section of the management console. These email alerts should be delivered to email addresses specified in the "Send administrator alerts to" list. This issue affects application error alerts only. Additional information ---------------------- * PureMessage spam rules are updated every 5 minutes from Sophos with small update packages. It is recommended that this updating frequency is not changed, for better spam capture rate and lower bandwidth utilization. * During installation you may notice a few errors in the Event log as described below: Source: SideBySide Event Id: 59 Description: Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{A4D87BE1-AFC4-461B-A66C- AFA239935F57}\VCRedist64Test.dll. Reference error message: The referenced assembly is not installed on your system. Source: SideBySide Event Id: 59 Description: Resolve Partial Assembly failed for Microsoft VC80.CRT. Reference error message: The referenced assembly is not installed on your system. Source: SideBySide Event Id: 32 Description: Dependant Assembly Microsoft VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system. These errors are reported when PureMessage installer attempts to detect the presence of Visual C++ redistributables. These errors can be ignored safely. * During installation on a cluster you may notice a few errors in the Event log as described below: Source: ClusSvc Event Id: 1058 Description: The Cluster Resource Monitor could not load the DLL PmClustResType4000.dll for the resource type PureMessage service 4.0.0.0. These errors are reported because the PureMessage cluster resource DLL is not present on all nodes during installation. After PureMessage is installed on all nodes these errors will no longer be reported. These errors can be ignored safely. * The default action in the case of an 'application error' is 'Deliver message'. Sophos strongly recommends that this action is not changed. * PureMessage does not support multiple administration consoles running simultaneously on the same machine or multiple administration consoles connecting to the same server at the same time. * Files left behind after uninstallation of PureMessage: The quarantine directory INSTALLDIR\Quarantine is left behind on the server(+). This enables you to retain quarantined items during uninstallation and reinstallation of PureMessage. If you no longer need the quarantined items then delete this directory. (+) On a cluster the Quarantine folder can be found on the shared drive under [SHAREDDRIVE]\Sophos\PureMessage\Quarantine The logs directory INSTALLDIR\Logs is left behind on the server(+). If you no longer need the log files then delete this directory. (+) On a cluster the Logs folder can be found on the shared drive under [SHAREDDRIVE]\Sophos\PureMessage\Logs The file PMClustResType4000.dll is left behind in the C:\WINDOWS\system32\ folder. This is the PureMessage cluster resource DLL that can be deleted from all nodes in a cluster after PureMessage is uninstalled from all the nodes. On a cluster the following folders are left behind on the shared drive [SHAREDDRIVE]\Sophos\PureMessage\Config [SHAREDDRIVE]\Sophos\PureMessage\ReportsPending These folders can be deleted after uninstalling PureMessage from all nodes. * Exchange 2007 deployed in an edge role has an attachment filter agent, which filters mail at the protocol level. As a result some viruses are removed, and some attachments replaced before PureMessage gets to scan the email. For this reason, the Dashboard and Activity Monitor may display a lower level of unauthorized traffic for a server providing protection at the network perimeter, than for other servers.