PureMessage for Microsoft Exchange, version 3.0.2 release notes

New in this version


  • Support for Exchange clusters using Continuous Cluster Replication (CCR) (requires use of the separate CCR-only installation package).
  • Support for Microsoft Windows 2008.
  • Fix for the following problem: When opening the Sophos PureMessage Administration console the following error is returned: Error retrieving data from the server...System.NullReferenceException.
  • Fix for the following problem: The Sophos PureMessage Scanner service (PMScanner.exe) may terminate unexpectedly or hang while performing content (phrase) scanning within rich text (RTF) or PDF files. As a result, messages may get stuck in the queue and spam rule updates may not complete.
  • Fix for the following problem: On Exchange 2007, the process EdgeTransport.exe may terminate unexpectedly when PureMessage tries to replace the rich text body of certain TNEF-encoded messages with plain text.
  • Fix for the following problem: On a PureMessage installation that supports both anti-virus and anti-spam, PureMessage sometimes fails to create (or invoke) the scan engines (spam, virus or content scanning engines) when under heavy load.
  • Fix for the following problem: On a clustered installation, during startup the cluster service appears to hang but eventually starts up after a delay.
  • Fix for the following problem: On a passive node in a clustered installation, there may be several event log entries stating that the Sophos PureMessage service failed to start.
  • Fix for the following problem: PureMessage reports a malformed embedded message error while processing .MHT or .EML attachments.
  • Fix for the following problem: On Exchange 2007, bounce (NDR) messages may not get generated for mail sent to non-existent recipients.
  • Fix for the following problem: End-user quarantine web page sometimes becomes inaccessible.
  • Fix for the following problem: When installing on an Exchange 2007 cluster, the installer requires that a Microsoft Distributed Transaction Coordinator (MSDTC) resource be present on the cluster.
  • Fix for the following problem: Some emails with large attachments do not arrive and PureMessage reports a failure to replace trigger message in the logs.
  • Fix for the following problem: PureMessage logs Error code 0x80004005 in transport post categorization sink while processing certain messages.
  • Fix for the following problem: On Exchange 2007, when multiple policies are applied to a message, a changed message may be forwarded without an envelope address for the sender. An SMTP server further downstream may reject such messages causing delivery failures.

Known problems


  • If you have Adobe Acrobat installed on the PureMessage server, uninstall it before upgrading or installing PureMessage.

    This is because certain versions of Adobe Acrobat, when installed on the PureMessage server, can cause the Sophos PureMessage scanner service (PMScanner.exe) to terminate unexpectedly, or hang, or leak memory. To minimize the risk of encountering problems with Adobe Acrobat, content scanning inside PDF files has been disabled by default for new installations.

  • Microsoft Essential Business Server 2008 and Microsoft Small Business Server 2008 both come with Microsoft Forefront Security for Exchange Server preinstalled. You should uninstall Forefront before installing PureMessage.
  • On Exchange 2007 SP1, PureMessage does not add disclaimers to outbound messages sent from Outlook Web Acccess or Outlook (configured to send messages in Exchange mode using MAPI). As a workaround you can configure Exchange 2007 itself to add disclaimers to outbound messages.
  • On Microsoft Windows 2003 with SP2, if the Security Configuration Wizard (SCW) is installed, then the installer fails to register a PureMessage knowledge base with SCW. The installer displays an error message and continues. If you use SCW to harden your system then contact Sophos technical support for information on how to perform this operation manually.
  • If you install PureMessage on a computer in a workgroup, you cannot use a Microsoft SQL Server database located on a different computer (that is, a remote database). You can specify a remote database during installation, but PureMessage does not set the necessary access rights. In this case, contact Sophos technical support for a workaround.
  • During installation, you can specify the Microsoft SQL Server you want to use. If you click Browse to browse to the server, the browser window may not list the Microsoft SQL Server database instance that you wish to select. In this case, type the database name into the text box provided, in the format MACHINENAME\INSTANCENAME, e.g.
    MYDBSERVER\SOPHOS
  • During installation, when you specify the Microsoft SQL Server, the installer may fail to connect to the chosen Microsoft SQL Server database instance. In this case, you should:
    • Ensure that the Microsoft SQL Server computer is in the same domain as the current machine.
    • Ensure that the instance name is correct.
    • If you are using a Microsoft SQL Server 2005 database located on a different computer (a remote database), use the Microsoft SQL Server Configuration Manager to enable the TCP/IP protocol for the database instance and start the SQL Server Browser service.
  • The installer may fail with an error Setup was unable to create the PureMessage databases.

    This can happen if, in the past, you have uninstalled the SOPHOS database instance from Microsoft SQL Server or uninstalled Microsoft SQL Server itself. In this case, delete the following files from the MS_SQL_INSTALL_FOLDER\MSSQL.X\MSSQL\Data folder.


    • SavexCnfg.mdf
    • SavexCnfg_log.ldf
    • SavexDir.mdf
    • SavexDir_log.ldf
    • SavexQuar.mdf
    • SavexQuar_log.ldf
    • SavexRprt.mdf
    • SavexRprt_log.ldf
  • When PureMessage installs Microsoft SQL Server Express 2005 on Microsoft Essential Business Server 2008 or Microsoft Small Business Server 2008, the SQL Express installer will display the following warning:

    Warning 28123. Warning: SQL Server Setup cannot install this feature because a different edition of this feature is already installed.

    This warning can be safely ignored.

  • When using a database on a different computer (that is, a remote database or virtual Microsoft SQL Server instance on the same cluster but a different node) the PureMessage service may sometimes fail to connect to the database because Windows authentication has failed.

    Possible reasons are:


    • The DNS is not correctly set up.
    • The time is not synchronized on the two computers.
    • The ServicePrincipalName property in Active Directory is missing the entry for that Microsoft SQL Server instance. (This may happen if Microsoft SQL Server was installed using a local administrator account without rights to write to the Active Directory.)

    Contact Sophos technical support for more help to identify the problem, or to use SQL Server authentication instead of Windows authentication.

  • Tags added to email subject lines (if you set up Email tagging) may be displayed as question marks.

    This occurs when all the following conditions apply:


    • The subject tag contains extended characters, such as Japanese text.
    • The message is encoded in TNEF, which requires that it is sent from a MAPI mail client and is internal to the organization.
    • The message is encoded using a character set that doesn't support characters specified in the subject tag.
    • The message is viewed with a mail client that uses the multi-byte subject property rather than the wide-character subject property.

    For messages sent from Outlook Web Access with Exchange 2003, the issue can be resolved by modifying the registry value UseRegionalCharset in key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA to zero. See http://support.microsoft.com/kb/830827 for details.

Additional information


  • The installation program will restart IIS and Microsoft Exchange services (if present) during the installation. Under certain circumstances it may also require the computer to be restarted.
  • PureMessage spam rules are updated every five minutes from Sophos with small update packages. It is recommended that this updating frequency is not changed, for optimal spam capture rate and optimal bandwidth utilization.
  • When you install PureMessage, Sophos Anti-Virus is also installed (if not already present) and on-access virus scanning starts automatically. However, PureMessage excludes certain Microsoft Exchange and IIS folders from virus scanning as recommended by Microsoft. When PureMessage is uninstalled these exclusions are not removed. For more information about the folders that are excluded, see http://www.sophos.com/support/knowledgebase/article/12214.html.

    The \Temp folder under the PureMessage installation folder is also automatically excluded from virus scanning. However, when PureMessage is uninstalled this exclusion setting will be removed from Sophos Anti-Virus.

  • You cannot upgrade a version of PureMessage that includes both anti-virus and anti-spam support to a version that includes only anti-virus support.
  • If the Windows 2003 Security Configuration Wizard (SCW) is detected on your system, then the installer will register a PureMessage knowledge base and start SCW when installation has completed. If you use SCW to harden your system, then you should run the wizard once the PureMessage installation has completed, and check the PureMessage option to allow access via the firewall. This will create an appropriate policy for you to apply.
  • During installation, you may notice a few errors in the Event log as described below.

    These errors are reported when PureMessage installer attempts to detect the presence of Visual C++ redistributables. These errors can be safely ignored.

    Source Event ID Description
    SideBySide 59 Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{A4D87BE1-AFC4-461B-A66C-AFA239935F57}\VCRedist64Test.dll. Reference error message: The referenced assembly is not installed on your system.
    SideBySide 59 Resolve Partial Assembly failed for Microsoft VC80.CRT. Reference error message: The referenced assembly is not installed on your system.
    SideBySide 32 Dependant Assembly Microsoft VC80.CRT could not be found and last error was The referenced assembly is not installed on your system.
  • During installation on a cluster, you may notice a few errors in the event log as described below.

    These errors are reported because the PureMessage cluster resource DLL is not present on all nodes during installation. After PureMessage is installed on all nodes, these errors will no longer be reported. These errors can be ignored safely.

    Source Event ID Description
    ClusSvc 1058 The Cluster Resource Monitor could not load the DLL PmClustResTypeXXXX.dll for the resource type PureMessage service X.X.X.X.
  • On Windows 2008, you may notice warnings in the event log from the Microsoft Defender Real-Time Protection agent as described below.

    Please choose to allow Sophos applications.

    Description:
    
    Windows Defender Real-Time Protection agent has detected changes. 
    Microsoft recommends you analyze the software that made these changes
    for potential risks. You can use information about how these programs
    operate to choose whether to allow them to run or remove them from 
    your computer. Allow changes only if you trust the program or the 
    software publisher. Windows Defender can't undo changes that you 
    allow.
    
    For more information please see the following:
    
    Path Found:
    file:C:\Windows\tasks\Sophos-PureMessage-StoreMonitorHealthCheckTask.job;
    file:C:\Program Files\Sophos\PureMessage\bin\FireJob.exe;
    taskscheduler:C:\Windows\tasks\Sophos-PureMessage-StoreMonitorHealthCheckTask.job
    
    Alert Type: Unclassified software
    
  • The default action in the case of an application error is Deliver message. Sophos strongly recommends that this action is not changed.
  • PureMessage does not support multiple administration consoles running simultaneously on the same machine or multiple administration consoles connecting to the same server at the same time.
  • Files left behind after the uninstallation of PureMessage:

    The quarantine directory INSTALLDIR\Quarantine is left behind on the server. This enables you to retain quarantined items during uninstallation and reinstallation of PureMessage. If you no longer need the quarantined items, delete this directory.

    On an SCC cluster, the Quarantine folder can be found on the shared drive under SHAREDDRIVE\Sophos\PureMessage\Quarantine.

    The logs directory INSTALLDIR\Logs is left behind on the server. If you no longer need the log files, delete this directory.

    On an SCC cluster, the Logs folder can be found on the shared drive under SHAREDDRIVE\Sophos\PureMessage\Logs.

    The file PMClustResTypeXXXX.dll is left behind in the C:\WINDOWS\system32\ folder. This is the PureMessage cluster resource DLL that can be deleted from all nodes in a cluster after PureMessage is uninstalled from all the nodes.

    On an SCC cluster, the following folders are left behind on the shared drive:

    SHAREDDRIVE\Sophos\PureMessage\Config
    SHAREDDRIVE\Sophos\PureMessage\ReportsPending

    These folders can be deleted after uninstalling PureMessage from all nodes.

  • Exchange 2007 deployed in an edge role has an attachment filter agent, which filters mail at the protocol level. As a result, some viruses are removed, and some attachments replaced before PureMessage gets to scan the email. For this reason, the Dashboard and Activity Monitor may display a lower level of unauthorized traffic for a server providing protection at the network perimeter than for other servers.
  • Since version 3.0.2, PureMessage installs its transport agent at a higher priority than the Exchange 2007 transport agents. As a result, any Exchange 2007 rule that handles routed messages will be processed after PureMessage.

Technical support

For technical support, visit http://www.sophos.com/support.

If you contact technical support, provide as much information as possible, including the following:


  • Sophos software version number(s)
  • Mail server or gateway details
  • Operating system(s) and patch level(s)
  • The exact text of any error messages

Copyright

Copyright © 2009 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

iMatix SFL

This product uses parts of the iMatix SFL, Copyright © 1991-2000 iMatix Corporation <http://www.imatix.com>.

XPExplorerBar

Copyright © 2004-2005, Mathew Hall

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:


  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.