Clearswift SECURE SECURE Email Gateway 4.2.0 ReadMe

This release of the Clearswift SECURE SECURE Email Gateway provides a fully functional Adaptive Data Loss Prevention (A-DLP) solution, operating on the 64 bit platform of Red Hat Enterprise Linux 6.6. The SECURE Email Gateway helps to prevent critical information data loss while protecting the intellectual property and brand of your organization.

Before you install the product

We strongly recommend that you follow the installation steps outlined in the Clearswift SECURE SECURE Email Gateway Installation & Getting Started Guide. These instructions enable you to install the Gateway correctly and safely.

If you are migrating from a previous version of the Clearswift SECURE SECURE Email Gateway, you must:

1. Apply your most recent configuration

2. Back up your system and latest configurations before installing.

Detailed instructions on backup and restore are available in the Installation & Getting Started Guide.

Download the Clearswift SECURE SECURE Email Gateway 4.2 Installation & Getting Started Guide

Installing the product

You can install the SECURE Email Gateway from the ISO image available for download in the Online Clearswift Repository.

Full installation instructions are provided in the Clearswift Gateway Installation & Getting Started Guide.

Upgrading from an earlier version 4 release to version 4.2

Perform the following steps to download and apply software updates when you upgrade from Clearswift SECURE Email Gateway 4.1 to 4.2.

Open an SSH session and access the Clearswift Server Console. Log in using your cs-admin access credentials.

Online or Offline mode? Offline mode is designed for installations that operate in a closed environment, disconnected from the Internet. Unless this is a specific requirement for your system, you should install the Clearswift SECURE Email Gateway in online mode. To perform an offline upgrade you require a copy of the latest release ISO mounted to suitable media (DVD/USB). Please contact Clearswift Technical Support if you need additional guidance on how to complete this step.

If you have online repositories enabled, updates will be downloaded overnight (automatically). You can apply them immediately. You can also use the Check for New Updates button if you believe that there has been a recent security fix issued.

To apply software updates:

1. Select Configure System > View and Apply Software Updates > Apply Updates > OK from the Clearswift Server Console main menu.

2. Select Yes to confirm that you want to apply the updates.
   All downloaded updates will now be installed. This process can take several minutes. A rolling progress log will be displayed.

3. When the Operation Complete message appears, select Done to complete the install process.

At the end of the upgrade process, the system will prompt you to either reboot or log out. Follow the instructions on-screen.

Gateway services will restart automatically in either case.

New features

There are a number of new features included in this release:

• Sophos Anti-Virus Live Protection
• Secure FTP support
• New Remediation report
• Wildcards on domain names for TLS connections
• Installed software packages displayed
• Information Governance summary on Held Messages
• Improved content rule order processing

For more detail on these new features and how you can use them, see What's New in 4.2.0 in the online help.

Fixed issues

This update fixes the following issues:

SECURE SECURE Email Gateway issues

• Non-GMT locales display incorrect time stamps for held messages

  On systems configured with locales other than GMT, the time stamp displayed for a held message might not match the event time displayed in Message Tracking. The Held Message view displayed times in GMT and not the timezone of the locale selected. This issue has been resolved.

• Cannot apply policy when using an LDAP address list that returns email addresses containing special characters

  The Gateway policy could not be applied when using an LDAP address list that returned email addresses containing special characters. This issue has been resolved and the policy engine will now use these addresses as expected.

• Lexical analysis was not run on message headers within encrypted messages

  The Gateway did not scan the message headers of encrypted messages that users applied lexical expression content rules to. This issue has been resolved.

• TLS errors including weak cipher strength

  TLS now functions with reviewed cipher suites. Weak legacy RC4 ciphers have been removed from the High and Medium Cipher Strength settings.

• Spam detection rates lower than expected

  This release will by default have a more aggressive spam policy with newsletters. Clearswift recommends configuring your spam policy white lists and using PMM to allow users release the newsletters they want to receive. To adjust the newsletter detection settings, contact Clearswift Support.

  There is also an updated version of the Ports and Protocols document that lists the necessary firewall settings. You should regularly review this document with your firewall settings as update servers can be amended to provide greater capacity.

Known issues

The following are known issues or limitations in this release:

Clearswift SECURE SECURE Email Gateway Gateway issues

• Newsletters treated as suspected spam

  Upgrading from 4.1 to 4.2 automatically updates and strengthens existing spam detection rules. Consequently, all newsletters are now treated as suspected spam.

  What can I do?

  Check any existing content rules detecting newsletters and adjust manually if required. Alternatively, contact Clearswift Support for further guidance.

• ImageLogic Listed images not automatically migrated to new Gateway peers

  ImageLogic blacklisted or whitelisted images might not be automatically transferred to a new peer when the configuration is applied.

  What can I do?

  Apply the images manually to the new peer.

• Installation wizard screen order

  The order of screens displayed in the installation wizard can be inconsistent when navigated with the Back button. For example, the Back button does not return to the most recent screen when clicked from the Congratulations page.

• Configuration changes following installation

  Following an installation, the following inform is displayed sporadically: 'Configuration changes have been made that need to be applied to take effect'. It is possible that this message is not displayed consistently.

  What can I do?

  Apply the latest configuration (where possible) at the earliest opportunity, even if the message is not displayed.

• 'Unknown' S/MIME signatures in FIPS mode

  If a Gateway is FIPS enabled, legacy or non-compliant S/MIME signatures will be identified as 'Unknown'.

• Adaptive Redaction limitations

  There are a number of specific limitations which should be noted:

  • PDF document properties can be detected but cannot be redacted.
  • Comments in PDF documents can detected but cannot be redacted.
  • Text in Microsoft Excel can be successfully redacted in .xlsx format only. Redaction affects formulas and any cells whose value is used in calculation. Cells that declare a shared formula, an array formula, or are part of a data table cannot be redacted.

  • Numbers of 16 digits or more in Microsoft Excel cannot be redacted.

    See Microsoft support article.

  • Content in Microsoft Office documents with extensions of .doc, .xls, or .ppt can be detected but not redacted.

• Content rules and peered Gateways

  It is possible to add and modify content rules which are licensed on any of the peers in the group. However, each Gateway peer applies the local licensed policy. This might result in redundant content rules on Gateway peers which are not licensed to apply them.

  For example, in a peer group of Gateways, Peer A might be installed with a supplementary license feature for Redaction whereas Peer B is not. It is possible to add a Redact Text content rule to a policy route on Peer B, but redaction will not be applied to content processed by Peer B.

• Log Export and ArcSight

  If using ArcSight, we recommend that you specify the TCP Receiver Source Type as logger_syslog.

• Displaying online help with Internet Explorer (IE8)

  Internet Explorer might stop working or you might encounter screen format issues when displaying help in IE8.

  If this happens, you need to add the site to Compatibility View. From the Browser, click Tools > Compatibility View Settings, and add clearswift.com.

• FTPS Export of transaction logs fails

  FTPS (explicit) export of transaction log might fail if attempted using FileZilla.

Product version end of life

Note the following end of life information:

• Clearswift SECURE SECURE Email Gateway Gateway 3.7 started end of life process on 31 July 2015 and will not receive technical support after 31 July 2016
• Clearswift SECURE SECURE Email Gateway Gateway 4.0 started end of life process on 31 July 2015 and will not receive technical support after 31 July 2016
• All previous versions have reached end of life.

For more details, see the End of Life statement.

Contact information

For contact details, information on product updates and other products, see the Clearswift Website.

Revision 1.0 July 2015

Published by Clearswift Ltd.

© 1995-2015 Clearswift Ltd

All rights reserved

The materials contained herein are the sole property of Clearswift Ltd. No part of this publication may be reproduced or disseminated or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise stored in any retrievable system or otherwise used in any manner whatsoever, in part or in whole, without the express permission of Clearswift Ltd.

Information in this document may contain references to fictional persons, companies, products and events for illustrative purposes. Any similarities to real persons, companies, products and events are coincidental and Clearswift shall not be liable for any loss suffered as a result of such similarities.

The Clearswift Logo and Clearswift product names are trademarks of Clearswift Ltd.

All other trademarks are the property of their respective owners. Clearswift Ltd. (registered number 3367495) is registered in Britain with registered offices at 1310 Waterside, Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, England. Users should ensure that they comply with all national legislation regarding the export, import, and use of cryptography.

Clearswift reserves the right to change any part of this document at any time.

Copyright © 1997-2015 Kaspersky Labs, 10 Geroyev Panfilovtsev St., 125365 - Moscow, Russian Federation. The Kaspersky Logo and Kaspersky product names are trademarks of Kaspersky Labs.

Copyright © 2000-2015 Sophos Limited. All rights reserved. Sophos is a registered trademark of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

Licensed under US Patent No:5,623,600

Protected by UK Patent 2,366,706

The software allows Clearswift to collect certain data from you regarding spam and other unwanted emails. Clearswift will use this information to improve its service to you (defined as the "Support Service") in the license agreement. Clearswift will use all information provided in accordance with the license agreement and Clearswift's stated privacy policy which can be found at http://www.clearswift.com/about-us/legal-information.