This release of the Clearswift
There are a number of new features included in this release:
For more detail on these new features and how you can use them, see What's New in 4.3.0 in the online help.
We strongly recommend that you follow the installation steps outlined in the Clearswift |
If you are migrating from a previous version of the Clearswift
1. Apply any pending configuration.
2. Back up your system and latest configurations before installing.
Detailed instructions on backup and restore are available in the Installation & Getting Started Guide.
Download the Clearswift
You can install the
Full installation instructions are provided in the Clearswift Gateway Installation & Getting Started Guide.
Perform the following steps to download and apply software updates when you upgrade to
Open an SSH session and access the Clearswift Server Console. Log in using your cs-admin access credentials.
Online or Offline mode? Offline mode is designed for installations that operate in a closed environment, disconnected from the Internet. Unless this is a specific requirement for your system, you should install To perform an offline upgrade you require a copy of the latest release ISO mounted to suitable media (DVD/USB). Please contact Clearswift Technical Support if you need additional guidance on how to complete this step. |
If you have online repositories enabled, updates will be downloaded overnight (automatically). You can apply them immediately. You can also use the Check for New Updates button if you believe that there has been a recent security fix issued.
To apply software updates:
Select Yes to confirm that you want to apply the updates.
All downloaded updates will now be installed. This process can take several minutes. A rolling progress log will be displayed.
At the end of the upgrade process, the system will prompt you to either reboot or log out. Follow the instructions on-screen.
This update includes the following fixes, which have been implemented since version
A number of issues around the processing of PDF and RTF attachments have been fixed by this release. This includes the handling of XMP data and character encoding.
LDAP groups containing apostrophes were disabled in the query and returned an error: "The LDAP query failed, no such object" if entered manually.
This issue has been resolved.
When setting up a manager relationship list to synchronise with LDAP, the displayed relationship list matches users with the wrong manager.
Manager relationships are now correctly matched.
SPFSender Policy Framework checks were not being performed by a secondary DNS if the primary DNS was not available. SPF checks now use the secondary DNS correctly.
The Greylist response was not shared between SECURE Email Gateways operating at 3.8 and 4.x.
This issue has been resolved. Greylisting is now shared between 4.3 and 3.8 Gateways.
A message in the kernel logs warned that jsvc was running in legacy mode (32-bit). This resulted in low performance.
JVSC is now correctly running in 64-bit mode.
The list of installed packages was not displayed on German systems. All packages are now displayed correctly for each locale.
Umlauts and special characters were not correctly rendered in the decryption summary text.
Special characters are now correctly displayed.
Changing the IP address of a second ethernet device for PMM prevented access to the PMM Portal. This issue has been resolved. IP changes no longer cause PMM Portal failure.
The system returned a Problem message alert: 'Processing failure: Engine failed to process the message' when Japanese characters were included in a lexical content rule. Lexical rules with Japanese characters now process mail correctly.
If a customer name contained symbols, the license was returned as not valid by the Installation Wizard, and the Next button was disabled.
This issue has been resolved. Licenses are now permitted to contain symbols.
Configured SNMP servers could not be removed. This release includes extensive changes to SNMP support, which is now configured using the Server Console. A configured SNMP server can be removed using the console.
This issue has been resolved.
This issue has been resolved.
The following are known issues or limitations in this release:
Improvements made in this release to enforce configured message timeouts will cause the
If you have a high number of messages that time out before the
Images that are uploaded via Gateway Branding for display on the login page of the
If you are installing a SECURE Exchange Gateway in a peer group with a SECURE Email Gateway, we strongly recommend that you do one of the following:
You cannot configure a peered Gateway as a PMM Portal if the peered Gateway has no defined IP address. This is because the mechanism for configuring the IP address of each Gateway is now completed using the Server Console. No IP address is displayed as an option for the Portal if this has not been configured.
Configure the IP address of the Portal using the Server Console. See Networking Configuration for more information.
If you specify a backup location with a forward slash (/) or no slash in the path name, then backup and restore will work without any issues. If the backup location you specify does not exist, then it will be created. However, if you specify a backup location with a backslash (\) in the path name, backup and restore will only work if that location already exists. If the location does not exist, then the backup will fail.
Replace all backslashes (\) with forward slashes (/) in the path name.
Backup over FTPS to a Windows FTP server might be reported as successfully completing, but no files (only folders) are stored on disk. This then results in a warning: There are no backups in that folder when attempting a restore. One initial symptom of this issue is the backup process taking longer than expected.
If your backup is taking considerably longer than expected, it is possible that no files are being backed up. We recommend:
One possible cause of the file transfer failure is a Microsoft known issue. If your files are not backed up and the backup log has reported time-out errors, please refer to https://support.microsoft.com/en-us/kb/2888853
It is not possible to provide HTTPS links in PMM digests in Lite mode. This is expected behavior.
When using Server Console to change your network configuration settings, Server Console is unaware if a Gateway configuration references a particular network adapter or IP address. For example, if
When disabling network adapters and deleting or changing IP addresses in Server Console, you should update the Gateway configuration immediately after if these network adapters or IP addresses were in use by the Gateway.
When completing the Gateway Installation using IE10 as the web browser, FIPS mode is not initiated as expected. The FIPS Mode check box is cleared when the Next button is clicked.
Upgrade your web browser to IE11 or use a different browser (Chrome or Firefox 38) to complete the Gateway Installation Wizard.
A number of alerts are triggered after SCOM monitoring starts. RedHat checks for a range of services including Syslog, the ACPI daemon, NFS and all NFS-related services. However, some of the Operations Manager default-monitored services are not running in the Gateway. This is because the Clearswift Gateway is operating as a customized installation of RedHat.
Alerts for these services (Syslog, ACPI, NFS) can be ignored in this release.
After upgrading to SEG 4.3, Kaspersky Anti-Virus (KAV) takes time to retrieve the most up to date virus definitions. During this time, the virus definitions might appear out of date on the System Health page. Provided you have the required network connectivity, KAV downloads the latest virus definitions within 15 minutes of the reboot at the end of the SEG 4.3 upgrade.
When installation of packages completes, the Gateway continuously reports: HD10_GET_IDENTITY failed for /dev/sda & /dev/sdb. This continues for several minutes, followed by a reboot. After rebooting, the installation completes as expected.
Changes to network settings can affect access to the
Detailed Knowledge-Base articles covering this issue are available. Contact Clearswift Technical Support for further information.
It is possible that deployment of a change to the Server Console is delayed if an anti virus update is simultaneously in progress. The Server Console is unresponsive in this scenario. However, the progress of applying the configuration is displayed in the User Interface Service Log.
Detailed Knowledge-Base articles covering this issue are available. Contact Clearswift Technical Support for further information.
Deleting a SCOM server from the Gateway using Server Console might result in the error message: User account not deleted if the SCOM agent is still running.
Uninstall the SCOM agent using the remote SCOM management UI before attempting to delete the SCOM server from the Gateway.
If the Download New Updates operation is canceled, it is possible that the Server Console will display 'YUM lock' errors.
Wait for the operation to time out after a few minutes and repeat the operation.
SuperMicro E250 and E500 models are currently not supported due to networking issues. Please contact Clearswift Technical Support for more information.
Note the following end of life information:
For more details, see the End of Life statement.
For contact details, information on product updates and other products, see the Clearswift Website.
Revision 1.0 November 2017
Published by Clearswift Ltd.
© 1995-2017 Clearswift Ltd
All rights reserved
The materials contained herein are the sole property of Clearswift Ltd. No part of this publication may be reproduced or disseminated or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise stored in any retrievable system or otherwise used in any manner whatsoever, in part or in whole, without the express permission of Clearswift Ltd.
Information in this document may contain references to fictional persons, companies, products and events for illustrative purposes. Any similarities to real persons, companies, products and events are coincidental and Clearswift shall not be liable for any loss suffered as a result of such similarities.
The Clearswift Logo and Clearswift product names are trademarks of Clearswift Ltd.
All other trademarks are the property of their respective owners. Clearswift Ltd. (registered number 3367495) is registered in Britain with registered offices at 1310 Waterside, Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, England. Users should ensure that they comply with all national legislation regarding the export, import, and use of cryptography.
Clearswift reserves the right to change any part of this document at any time.
Copyright © 1997-2017 Kaspersky Labs, 10 Geroyev Panfilovtsev St., 125365 - Moscow, Russian Federation. The Kaspersky Logo and Kaspersky product names are trademarks of Kaspersky Labs.
Copyright © 2000-2017 Sophos Limited. All rights reserved. Sophos is a registered trademark of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
Licensed under US Patent No:5,623,600
Protected by UK Patent 2,366,706
The software allows Clearswift to collect certain data from you regarding spam and other unwanted emails. Clearswift will use this information to improve its service to you (defined as the "Support Service") in the license agreement. Clearswift will use all information provided in accordance with the license agreement and Clearswift's stated privacy policy which can be found at http://www.clearswift.com/about-us/legal-information.