This release of the Clearswift
There are a number of new features included in this release:
For more detail on these new features and how you can use them, see What's New in 4.3.0 in the online help.
|
We strongly recommend that you follow the installation steps outlined in the Clearswift |
If you are migrating from a previous version of the Clearswift
1. Apply any pending configuration.
2. Back up your system and latest configurations before installing.
Detailed instructions on backup and restore are available in the Installation & Getting Started Guide.
Download the Clearswift
You can install the
Full installation instructions are provided in the Clearswift Gateway Installation & Getting Started Guide.
Perform the following steps to download and apply software updates when you upgrade to
Open an SSH session and access the Clearswift Server Console. Log in using your cs-admin access credentials.
|
Online or Offline mode? Offline mode is designed for installations that operate in a closed environment, disconnected from the Internet. Unless this is a specific requirement for your system, you should install To perform an offline upgrade you require a copy of the latest release ISO mounted to suitable media (DVD/USB). Please contact Clearswift Technical Support if you need additional guidance on how to complete this step. |
If you have online repositories enabled, updates will be downloaded overnight (automatically). You can apply them immediately. You can also use the Check for New Updates button if you believe that there has been a recent security fix issued.
To apply software updates:
Select Yes to confirm that you want to apply the updates.
All downloaded updates will now be installed. This process can take several minutes. A rolling progress log will be displayed.
At the end of the upgrade process, the system will prompt you to either reboot or log out. Follow the instructions on-screen.
This update includes the following fixes, which have been implemented since version
Improvements in PDF and RTF handling
A number of issues around the processing of PDF and RTF attachments have been fixed by this release. This includes the handling of XMP data and character encoding.
LDAP query cannot select the OU if the text contains an apostrophe
LDAP groups containing apostrophes were disabled in the query and returned an error: "The LDAP query failed, no such object" if entered manually.
This issue has been resolved.
Manager relationships out of sync using LDAP
When setting up a manager relationship list to synchronise with LDAP, the displayed relationship list matches users with the wrong manager.
Manager relationships are now correctly matched.
Sender Policy Framework (SPF) checks do not work if primary DNS is unavailable
SPFSender Policy Framework checks were not being performed by a secondary DNS if the primary DNS was not available. SPF checks now use the secondary DNS correctly.
Greylist response not shared between peered Gateways (4.X to 3.8)
The Greylist response was not shared between SECURE Email Gateways operating at 3.8 and 4.x.
This issue has been resolved. Greylisting is now shared between 4.3 and 3.8 Gateways.
Log reports "warning: 'jsvc' uses 32-bit capabilities"
A message in the kernel logs warned that jsvc was running in legacy mode (32-bit). This resulted in low performance.
JVSC is now correctly running in 64-bit mode.
Installed packages not displayed on German systems
The list of installed packages was not displayed on German systems. All packages are now displayed correctly for each locale.
Umlauts and special characters not displayed in decryption summary
Umlauts and special characters were not correctly rendered in the decryption summary text.
Special characters are now correctly displayed.
PMM Portal fails if the IP is changed following implementation
Changing the IP address of a second ethernet device for PMM prevented access to the PMM Portal. This issue has been resolved. IP changes no longer cause PMM Portal failure.
Japanese characters in a lexical rule cause message processing failure
The system returned a Problem message alert: 'Processing failure: Engine failed to process the message' when Japanese characters were included in a lexical content rule. Lexical rules with Japanese characters now process mail correctly.
Installation wizard does not validate licenses if the customer name contains symbols.
If a customer name contained symbols, the license was returned as not valid by the Installation Wizard, and the Next button was disabled.
This issue has been resolved. Licenses are now permitted to contain symbols.
Unable to remove SNMP configuration
Configured SNMP servers could not be removed. This release includes extensive changes to SNMP support, which is now configured using the Server Console. A configured SNMP server can be removed using the console.
JRE contains multiple vulnerabilities
This issue has been resolved.
Unable to change the password for keystore
This issue has been resolved.
The following are known issues or limitations in this release:
Increase in timed out messages
Improvements made in this release to enforce configured message timeouts will cause the
What can I do?
If you have a high number of messages that time out before the
Images that are uploaded via Gateway Branding for display on the login page of the
Configuration areas of Email Gateway are lost following peering
If you are installing a SECURE Exchange Gateway in a peer group with a SECURE Email Gateway, we strongly recommend that you do one of the following:
PMM Portal cannot be configured on a remote peer
You cannot configure a peered Gateway as a PMM Portal if the peered Gateway has no defined IP address. This is because the mechanism for configuring the IP address of each Gateway is now completed using the Server Console. No IP address is displayed as an option for the Portal if this has not been configured.
What can I do?
Configure the IP address of the Portal using the Server Console. See Networking Configuration for more information.
Backup fails if path to backup location contains backslash (\) and does not exist
If you specify a backup location with a forward slash (/) or no slash in the path name, then backup and restore will work without any issues. If the backup location you specify does not exist, then it will be created. However, if you specify a backup location with a backslash (\) in the path name, backup and restore will only work if that location already exists. If the location does not exist, then the backup will fail.
What can I do?
Replace all backslashes (\) with forward slashes (/) in the path name.
FTP timeout means FTPS backup not available to restore
Backup over FTPS to a Windows FTP server might be reported as successfully completing, but no files (only folders) are stored on disk. This then results in a warning: There are no backups in that folder when attempting a restore. One initial symptom of this issue is the backup process taking longer than expected.
What can I do?
If your backup is taking considerably longer than expected, it is possible that no files are being backed up. We recommend:
One possible cause of the file transfer failure is a Microsoft known issue. If your files are not backed up and the backup log has reported time-out errors, please refer to https://support.microsoft.com/en-us/kb/2888853
HTTPS selection for PMM Digest in Lite Mode
It is not possible to provide HTTPS links in PMM digests in Lite mode. This is expected behavior.
Gateway configuration not updated when removing IP address or network adapter using Server Console
When using Server Console to change your network configuration settings, Server Console is unaware if a Gateway configuration references a particular network adapter or IP address. For example, if
What can I do?
When disabling network adapters and deleting or changing IP addresses in Server Console, you should update the Gateway configuration immediately after if these network adapters or IP addresses were in use by the Gateway.
FIPS mode not initiated correctly by Gateway Installation Wizard in IE10
When completing the Gateway Installation using IE10 as the web browser, FIPS mode is not initiated as expected. The FIPS Mode check box is cleared when the Next button is clicked.
What can I do?
Upgrade your web browser to IE11 or use a different browser (Chrome or Firefox 38) to complete the Gateway Installation Wizard.
SCOM Server reports unexpected RedHat Alerts
A number of alerts are triggered after SCOM monitoring starts. RedHat checks for a range of services including Syslog, the ACPI daemon, NFS and all NFS-related services. However, some of the Operations Manager default-monitored services are not running in the Gateway. This is because the Clearswift Gateway is operating as a customized installation of RedHat.
What can I do?
Alerts for these services (Syslog, ACPI, NFS) can be ignored in this release.
Kaspersky upgrade takes time to initialize
After upgrading to SEG 4.3, Kaspersky Anti-Virus (KAV) takes time to retrieve the most up to date virus definitions. During this time, the virus definitions might appear out of date on the System Health page. Provided you have the required network connectivity, KAV downloads the latest virus definitions within 15 minutes of the reboot at the end of the SEG 4.3 upgrade.
Initially unable to install Gateway on Dell R220 performance machine
When installation of packages completes, the Gateway continuously reports: HD10_GET_IDENTITY failed for /dev/sda & /dev/sdb. This continues for several minutes, followed by a reboot. After rebooting, the installation completes as expected.
User can inadvertently disable the User Interface
Changes to network settings can affect access to the
What can I do?
Detailed Knowledge-Base articles covering this issue are available. Contact Clearswift Technical Support for further information.
Server Console deployment is delayed by anti virus updates
It is possible that deployment of a change to the Server Console is delayed if an anti virus update is simultaneously in progress. The Server Console is unresponsive in this scenario. However, the progress of applying the configuration is displayed in the User Interface Service Log.
What can I do?
Detailed Knowledge-Base articles covering this issue are available. Contact Clearswift Technical Support for further information.
Error message "User account not deleted" displayed, when trying to delete a SCOM server
Deleting a SCOM server from the Gateway using Server Console might result in the error message: User account not deleted if the SCOM agent is still running.
What can I do?
Uninstall the SCOM agent using the remote SCOM management UI before attempting to delete the SCOM server from the Gateway.
'Download New Updates operation is not fully cancelled producing 'YUM lock' error in Server Console
If the Download New Updates operation is canceled, it is possible that the Server Console will display 'YUM lock' errors.
What can I do?
Wait for the operation to time out after a few minutes and repeat the operation.
No network detected with SuperMicro 250 and 500 servers
SuperMicro E250 and E500 models are currently not supported due to networking issues. Please contact Clearswift Technical Support for more information.
Note the following end of life information:
For more details, see the End of Life statement.
For contact details, information on product updates and other products, see the Clearswift Website.
Revision 1.0 November 2017
Published by Clearswift Ltd.
© 1995-2017 Clearswift Ltd
All rights reserved
The materials contained herein are the sole property of Clearswift Ltd. No part of this publication may be reproduced or disseminated or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise stored in any retrievable system or otherwise used in any manner whatsoever, in part or in whole, without the express permission of Clearswift Ltd.
Information in this document may contain references to fictional persons, companies, products and events for illustrative purposes. Any similarities to real persons, companies, products and events are coincidental and Clearswift shall not be liable for any loss suffered as a result of such similarities.
The Clearswift Logo and Clearswift product names are trademarks of Clearswift Ltd.
All other trademarks are the property of their respective owners. Clearswift Ltd. (registered number 3367495) is registered in Britain with registered offices at 1310 Waterside, Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, England. Users should ensure that they comply with all national legislation regarding the export, import, and use of cryptography.
Clearswift reserves the right to change any part of this document at any time.
Copyright © 1997-2017 Kaspersky Labs, 10 Geroyev Panfilovtsev St., 125365 - Moscow, Russian Federation. The Kaspersky Logo and Kaspersky product names are trademarks of Kaspersky Labs.
Copyright © 2000-2017 Sophos Limited. All rights reserved. Sophos is a registered trademark of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
Licensed under US Patent No:5,623,600
Protected by UK Patent 2,366,706
The software allows Clearswift to collect certain data from you regarding spam and other unwanted emails. Clearswift will use this information to improve its service to you (defined as the "Support Service") in the license agreement. Clearswift will use all information provided in accordance with the license agreement and Clearswift's stated privacy policy which can be found at http://www.clearswift.com/about-us/legal-information.
