PureMessage for Microsoft Exchange version 3.1.3 release notes

New in this version

  • Introduced an industry standard AES256 encryption algorithm to store sensitive data.
  • Improved handling of sensitive data to prevent data leakage.
  • Fixed an issue that could cause the configuration backup to fail.
  • Stability and security related enhancements.

System requirements

For system requirements, go to the system requirements page of the Sophos website (www.sophos.com/en-us/products/all-system-requirements.aspx).

Known problems

  • PureMessage installs Microsoft .NET Framework 3.5 Service Pack 1 as a prerequisite, because of which you may experience issues with components related to Exchange Web services including:
    • Outlook Web Access
    • Office Communications Server integration
    • Outlook Address Book
    • Out of Office notifications

    To resolve these issues, install the update for .NET Framework provided in Microsoft knowledgebase article 959209 (http://support.microsoft.com/kb/959209).

  • Microsoft Essential Business Server 2008 and Microsoft Small Business Server 2008 both come with Microsoft Forefront Security for Exchange Server preinstalled. You should uninstall Forefront before installing PureMessage.
  • If you install PureMessage on a computer in a workgroup, you cannot use a Microsoft SQL Server database located on a different computer (that is, a remote database). You can specify a remote database during installation, but PureMessage does not set the necessary access rights. In this case, contact Sophos technical support for a workaround.
  • If you install PureMessage on a Windows Server 2003 R2 SP2 computer, the configuration settings entered during the installation of PureMessage may be lost if either of the following two prerequisites is not installed:
    • .NET Framework 3.5 SP1
    • Windows Installer 4.5

    To workaround this problem, install these prerequisites before installing PureMessage.

  • The installer may fail with an error Setup was unable to create the PureMessage databases.
    This can happen if, in the past, you have uninstalled the SOPHOS database instance from Microsoft SQL Server or uninstalled Microsoft SQL Server itself. In this case, delete the following files from the MS_SQL_INSTALL_FOLDER\MSSQL.X\MSSQL\Data folder.
    • SavexCnfg.mdf
    • SavexCnfg_log.ldf
    • SavexDir.mdf
    • SavexDir_log.ldf
    • SavexQuar.mdf
    • SavexQuar_log.ldf
    • SavexRprt.mdf
    • SavexRprt_log.ldf
  • (DEF 83210) The installer may fail with the following error:

    0x80040e14 - idispatch error 3092 unable to start the PureMessage database.

    This can happen if you try to install PureMessage to a SQL instance which was installed to be case sensitive. To avoid this, install PureMessage to a SQL instance that is not case sensitive .

  • (DEF 83055) The installer may fail with an error similar to:

    PMInstallUtil.cpp ln 5750: ERR Failed '(iErr != ERROR_SUCCESS) && (iErr != ERROR_ALREADY_EXISTS)' : Win32 error 0x800700a1.

    This can occur when attempting to install on an SCC cluster using folder-mounted shared storage.

  • (WKI 50085) After the installation of PureMessage, you may receive a message "Could not connect to master synchronization server" while opening the PureMessage administration console. You receive this message if some of the servers in a configuration have been upgraded and others are not. To avoid this, ensure you upgrade all the servers in the configuration group one after another.
  • (WKI 50589) While attempting to install PureMessage on a Microsoft Essential Business Server (EBS), the installer may fail during .NET Framework installation. For information on how to workaround this issue, see http://blogs.technet.com/essentialbusinessserver/archive/2009/05/07/microsoft-net-framework-3-5-sp1-kb951847-fails-to-install-on-ebs-servers.aspx.
  • (WKI 51027) When installing PureMessage on Windows 2008 R2, installation of SQL 2008 Express Edition may fail with a message similar to:
    Error code 2064843076 was returned when running:

    <path>\SQLEXPR_x64_ENU.exe /QUIETSIMPLE /ACTION=INSTALL /FEATURES=SQL /INSTANCENAME =SOPHOS /SQLSVCACCOUNT ="NT AUTHORITY\NETWORK SERVICE" /SQLSYSADMINACCOUNTS="BUILTIN\Administrators"

    This is due to an issue with Microsoft SQL 2008 Express Edition. Reinstalling PureMessage usually resolves this problem.

  • (WKI 51471) When attempting to install PureMessage, the installation may fail with a message similar to:

    Error code 1 was returned while running:<path>\Bootstrap.exe install sav <path>

    You receive this message if the installer path has exceeded the maximum character length of 256, or if you are installing from a network location. To avoid this, copy the installer locally with install path not exceeding 256 characters.
  • (WKI 52804) When installing PureMessage on Windows Server 2008 Active Directory with Exchange Server 2007. You may receive the following error:

    Error code 2067529721 was returned when running:

    <path>/SQLEXPR_x64_ENU.exe /QUIETSIMPLE /ACTION=INSTALL /FEATURES=SQL /INSTANCENAME=SOPHOS /SQLSVACCOUNT="NT AUTHORITY\SYSTEM"/SQLSYSADMINACCOUNTS="BUILTIN\Administrators"

    With 'Error: Unable to find media for .Net version 2.0' in the SqlSetup.log file created in the system's Temp directory.

    This is due to an issue with Microsoft SQL 2008 Express Edition. Reinstalling PureMessage usually resolves this problem.

  • Tags added to email subject lines (if you set up Email tagging) may be displayed as question marks.
    This occurs when all the following conditions apply:
    • The subject tag contains extended characters, such as Japanese text.
    • The message is encoded in TNEF, which requires that it is sent from a MAPI mail client.
    • The message is encoded using a character set that doesn't support characters specified in the subject tag.
    • The message is viewed with a mail client that uses the multi-byte subject property rather than the wide-character subject property.

      For messages sent from Outlook Web Access with Exchange 2003, the issue can be resolved by modifying the registry value UseRegionalCharset in key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA to zero. See http://support.microsoft.com/kb/830827 for details.

  • X-header tagging only works for Exchange 2003. It does not work for Exchange 2007 and Exchange 2010.

  • (WKI 57286) Non-ASCII characters in Disclaimer text may be displayed as question marks when added to the TNEF messages sent in plain-text format. This issue occurs when the original message Charset does not support the non-ASCII characters.

    To avoid this, it is recommended to use standard ASCII characters when defining disclaimers in PureMessage.

  • (WKI 55150) If you install PureMessage on a computer that has Sophos Enterprise Console (SEC) installed, SEC will display a "Differs from policy" error. The error is displayed as PureMessage will set the autoupdate frequency to 5 minutes from SEC's default update policy of 10 minutes.

    To Workaround this problem, reapply the default update policy for PureMessage systems, or create a seperate group and add allPureMessage servers to that group with a new updating policy.

Additional information

  • The installation program will restart IIS and Microsoft Exchange services (if present) during the installation. Under certain circumstances it may also require the computer to be restarted.
  • PureMessage spam rules are updated every five minutes from Sophos with small update packages. It is recommended that this updating frequency is not changed, for optimal spam capture rate and optimal bandwidth utilization.
  • When you install PureMessage, Sophos Anti-Virus is also installed (if not already present) and on-access virus scanning starts automatically. However, PureMessage excludes certain Microsoft Exchange and IIS folders from virus scanning as recommended by Microsoft. When PureMessage is uninstalled these exclusions are not removed. For more information about the folders that are excluded, see http://www.sophos.com/support/knowledgebase/article/12214.html.

    The \Temp folder under the PureMessage installation folder is also automatically excluded from virus scanning. However, when PureMessage is uninstalled this exclusion setting will be removed from Sophos Anti-Virus.

  • You cannot upgrade a version of PureMessage that includes both anti-virus and anti-spam support to a version that includes only anti-virus support.
  • During installation, you may notice a few errors in the Event log as described below.

    These errors are reported when PureMessage installer attempts to detect the presence of Visual C++ redistributables. These errors can be safely ignored.

    Source Event ID Description
    SideBySide 59 Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{A4D87BE1-AFC4-461B-A66C-AFA239935F57}\VCRedist64Test.dll. Reference error message: The referenced assembly is not installed on your system.
    SideBySide 59 Resolve Partial Assembly failed for Microsoft VC80.CRT. Reference error message: The referenced assembly is not installed on your system.
    SideBySide 32 Dependant Assembly Microsoft VC80.CRT could not be found and last error was The referenced assembly is not installed on your system.
  • During installation on a cluster, you may notice a few errors in the event log as described below.

    These errors are reported because the PureMessage cluster resource DLL is not present on all nodes during installation. After PureMessage is installed on all nodes, these errors will no longer be reported. These errors can be ignored safely.

    Source Event ID Description
    ClusSvc 1058 The Cluster Resource Monitor could not load the DLL PmClustResTypeXXXX.dll for the resource type PureMessage service X.X.X.X.
  • After PureMessage installs SQL 2008 Express edition, the Windows event log may contain several application error log entries as described below. These errors can be ignored safely.
    Source Event ID Description
    MSSQL$SOPHOS 15151 Cannot find the object 'database_audit_specifications', because it does not exist or you do not have permission.
  • On Windows 2008, you may notice warnings in the event log from the Microsoft Defender Real-Time Protection agent as described below.

    Please choose to allow Sophos applications.

    Description:
    
    Windows Defender Real-Time Protection agent has detected changes. 
    Microsoft recommends you analyze the software that made these changes
    for potential risks. You can use information about how these programs
    operate to choose whether to allow them to run or remove them from 
    your computer. Allow changes only if you trust the program or the 
    software publisher. Windows Defender can't undo changes that you 
    allow.
    
    For more information please see the following:
    
    Path Found:
    file:C:\Windows\tasks\Sophos-PureMessage-StoreMonitorHealthCheckTask.job;
    file:C:\Program Files\Sophos\PureMessage\bin\FireJob.exe;
    taskscheduler:C:\Windows\tasks\Sophos-PureMessage-StoreMonitorHealthCheckTask.job
    
    Alert Type: Unclassified software
    
  • The default action in the case of an application error is Deliver message. Sophos strongly recommends that this action is not changed.
  • PureMessage does not support multiple administration consoles running simultaneously on the same machine or multiple administration consoles connecting to the same server at the same time.
  • Files left behind after the uninstallation of PureMessage:

    The quarantine directory INSTALLDIR\Quarantine is left behind on the server. This enables you to retain quarantined items during uninstallation and reinstallation of PureMessage. If you no longer need the quarantined items, delete this directory.

    On an SCC cluster, the Quarantine folder can be found on the shared drive under SHAREDDRIVE\Sophos\PureMessage\Quarantine.

    The logs directory INSTALLDIR\Logs is left behind on the server. If you no longer need the log files, delete this directory.

    The file PMClustResTypeXXXX.dll is left behind in the C:\WINDOWS\system32\ folder. This is the PureMessage cluster resource DLL that can be deleted from all nodes in a cluster after PureMessage is uninstalled from all the nodes.

    On an SCC cluster, the following folders are left behind on the shared drive:

    SHAREDDRIVE\Sophos\PureMessage\Config
    SHAREDDRIVE\Sophos\PureMessage\ReportsPending

    These folders can be deleted after uninstalling PureMessage from all nodes.

  • Exchange 2007 deployed in an edge role has an attachment filter agent, which filters mail at the protocol level. As a result, some viruses are removed, and some attachments replaced before PureMessage gets to scan the email. For this reason, the Dashboard and Activity Monitor may display a lower level of unauthorized traffic for a server providing protection at the network perimeter than for other servers.
  • After installing PureMessage, it is recommended that a Windows Update is run on the server to ensure all the latest security patches are installed.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2013 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

XPExplorerBar

Copyright © 2004-2005, Mathew Hall

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.