List of Fixes:

Issue	Service Request	Description
45149	1-6707291 1-8905861 1-9367630	Insertion of unqualified antispam headers - improved antispam scanning in low memory conditions.
45459	N/A	POP3 UIDL command not supported.
45469	N/A	Disabling send logging corrupts values recently stored.
45445	N/A	Missing graphic on the Diagnostics page.
45893	1-10612686 1-7175388 1-8726271	E-mail Attachments and problems with Web Based E-mail systems.
45585	1-8178226 1-8179856 1-8185196 1-8199283 1-8216665 1-8217345 1-8238512	Smartfilter & User Management gone from interface in Package 180.
45758	1-8386185	Sophos scanning error - unable to handle 70 MB file, reports "uncompressed file too big".
45586	1-10110529 1-10444583 1-10668965 1-8169114 1-8424991	x-headers added to email showing up in different locations since update to 180.
46017	N/A	Alert logs can potentionally fill the disk.
46643	1-8669683	Email messages getting corrupted after updating to pkg 180, not resolved by downgrading to pkg 170.
46338	1-8442929 1-8582939	email virus scanning not working after update to package 180.
46417	1-8168345 1-8168913 1-8189492 1-8258217 1-8280554 1-8315627 1-8318481 1-8424970 1-8668471 1-8691661	Unit failure following upgrade from 170 to 180.
47297	1-9343123	Exchange Synchronization to PDAs fails through load balanced eShields.

List of Known Issues

Issue	Service Request	Description
44751	N/A	eShield does not detect properly drop/don't scan file extensions, if "?" added at end of url
45437	N/A	connections from 1.1.0.x in connection log
45468	N/A	eShield crashed while changing log settings (under heavy load)
45485	N/A	Restore defaults sets DNS timeout back to 4 hours
46960	1-8849492	Exchange 2003 server is not working when sending email thru eShield.
47563	1-8674120	2nd Load Balancing eShield is not catching SMTP viruses.
47466	1-8697306	At random intervals and for random amounts of time, some clients cannot access the web thru eShield.
50948	1-13325248	No increase of spam detection when percentage of spam probability is dropped.
52942	1-14933975	Load balanced eShields not passing arp requests

List of Fixes:

Issue	Service Request	Description
42234	1-6173833	Fixed restart that occurred under high SMTP and HTTP traffic load.
44922	1-7297851, 1-7500655, 1-7611792, 1-7612327, 1-7635316	Non-incremental SmartFilter updates failing on Z1000
43004	1-6153937	eshield improvement to deal with large files scanning via thread priorities enhancements
43257	1-6389685, 1-6409648, 1-6435493, 1-6650844	Remote access not working after upgrading to package 160
43754	1-6381627	Eshield puts its own IP to send mail under the name of the valid e-mail server
44106	1-6873448	FTP does not work in Netscreen environment with send eshield mac feature
44177	1-6635863, 1-6871076	Eshield updated to deal with Trend changing version numbering
44315	N/A	Registration was being attempted before application had completed initialization.
44847	1-6820736, 1-7548008	Unexpected responses from mail server thru eshield
44969	1-7511104	DNS of AV update server is cached too long
45364	1-7958401	Incremental SmartFilter updates failing on z1000
44529	N/A	Support x-virus-ID for eShield

List of Known Issues

Issue	Service Request	Description
45469	N/A	Disabling send logging corrupts values recently stored.
45459	N/A	POP3 UIDL command not supported.
45445	N/A	Missing graphic on the Diagnostics page
45468	N/A	eShield crashed while changing log settings (under heavy load)
45485	N/A	Restore defaults sets DNS timeout back to 4 hours
44751	N/A	eShield does not detect properly drop/don't scan file extensions, if "?" added at end of url
45437	N/A	connections from 1.1.0.x in connection log

Issue	Service Request	Description
41655	N/A	Some temporary files on filesystem were not cleaned up correctly.
42215	1-6119019, 1-6435429	Antispam pattern timestamps did not reflect the timestamp from the pattern file downloaded.
42334	1-6131693	eShield blocked traffic not compliant with the HTTP protocol sent over the HTTP port. These are now passed through unscanned.
42537	1-6087010	Authentication issues when accessing the Web interface using Netscape 7.1.
42569	1-5964977, 1-6199433	Uploading of images to Web servers failed when passed through an eShield.
42583	1-6261626	Password protected encrypted files were not detected by McAfee scan engine. These files are now detected. (Note: These files are not scanned, as they are encrypted.)
42778	N/A	Modified data logging options in diagnostics page.
42976	N/A	Empty lines were not handled correctly after email anti-spam headers.
43094	1-6263398	Trusted sites were not correctly honored.
43123	1-6171293, 1-6255043, 1-6538635	An alert of insufficient temporary storage space was returned when scanning files that were larger than the configured maximum file size to scan. New alerts display when the compressed or uncompressed file size is larger than the configured maximum file size to scan.
43203	1-6433483, 1-6650878	"Drop files" and "Do not scan" restrictions for file extensions did not work.
43427	1-6420370, 1-6445784, 1-6514851	The XEXCH50 command for SMTP protocol was not handled correctly.
43428	1-5994901	eShield rebooted under certain circumstances when responding to incoming connections through a firewall that denies outbound traffic for those same connections.
43968	N/A	Some IMAP4 alerts did not have correct text.

• System resource allocation optimized for high load situations
• Static ARP entries are now always retained
• Antivirus file restrictions settings are retained after a reboot of the unit
• Very heavy SMTP load no longer causes a restart
• Fixed some instances in which email messages transferred via SMTP protocol were corrupted when being scanned
• Fixed an issue which caused the administrative username and password to become disabled when updating from an older version of eShield (update package 0130 or below) to package 0140 or 0150

• Fixed rare instance where eShield interface would become temporarily inaccessible
• eShield no longer allows the user to enter an invalid value for antispam message size
• Improved HTTP trickling mode performance
• Better handling of SMTP client connections which do not properly follow RFC standard
• Improved synchronization between eShield statistics page and CSV logging
• Fixed rare file scanning problem specific to TrendMicro antivirus scan engine
• Updated support information on the support page within the eShield interface
• Antispam: Further improved handling of email subject lines containing Big-5 Chinese character encoding

• Enhanced handling of HTTP GET requests with extremely large HOST headers
• Fixed rare instance where antivirus and antispam scanning could be delayed for several seconds
• Better handling of simultaneous FTP connections that persist over a long period of time
• Deleting the configuration IP will no longer revert it back to the default value of 1.1.1.5. The previous value will be used instead.
• Information displayed properly on the Antispam page when no subscription is present
• Fixed problem with remote access to the interface from an IP address more than one subnet away from the unit
• Fixed problem with passive mode FTP control session when the server issues a "150 Opening BINARY mode data connection for 'anyfile.txt' (10 bytes)" response
• Antispam: Fixed problem with email subject lines containing Big-5 Chinese character encoding

• Detailed logging format is now customizable
• Anti Virus files restored from backup in case new engine/pattern will not load
• Statistics page redesigned
• New operating modes:
  • EShield IP used as a source for outgoing TCP scanned connections (Send Client IP)
  • Switch friendly load balancing mode (Send eShield MAC)
  • Router mode
• Better handling when loading new Sophos scan engine & pattern files
• Configuration Management: now IP settings can also be imported
• Fixed problems with Customize Messages: wrong Alert sent or no Alert sent
• Arp table: shows current dynamic & static arps & allows manual configuration of static arps
• Ping utility: allows users to test a ping by IP
• ActiveState engine version now displayed in the web interface
• Antivirus Force Update: will download & install current anti virus files
• Customizable Alerts and Substitute Messages: now with US-ASCII and UTF 8 character support
• Fixed problems with JAVA that contains a mixture of HTTP & HTTPS code
• Changed format of Sophos pattern file version for better reporting
• More correct handling of arps
• Don't scan file extensions: fixed problem with file extensions being scanned that are specifically configured not to be scanned
• New Alert sent if maximum simultaneous connections are exceeded. Also sent every hour in which this event occurs & an error message is displayed on the stats page
• Unzip error codes are explained in email Alerts
• Fixed problem with XEXCH50 Command used by Exchange 2000 servers
• More efficient handling of HTTP chunked data
• Fixed bug in IMAP4 handling
• Added option to allow NULL characters in HTTP headers received from server to support specific Java applications
• Fixed problems with Classic Proxy FTP connection via HTTP proxy
• Proxy Server for Updates: eShield can now authenticate to an HTTP proxy server to obtain updates
• HTTP restrictions: can now exempt "Content-Types" from being scanned
• Better disk space management when writing to disk for scanning
• Anti Spam: Blacklist/Whitelist can now be exported & imported for easier management

• Fixed problems accessing the web interface when Classic Proxy is enabled
• Fixed failure to update settings when Configuration IP is changed
• Fixed problems detecting some mimail varients in POP3 connections
• New feature: customizable 'from address' for Email Alerts
• Better handling of SMTP BDAT connections
• Fixed problem with 'AlertErrors.log' not being written to if 'Alert Logging' is not enabled
• Time stamp for Sophos pattern file is now accurate
• URL in virus alerts display properly when older browsers are used
• Fixed anti spam whitelist: it is no longer case sensitive
• POP3 attachments that are larger than the max file size are no longer corrupted
• Fixed problem downloading POP3 mail when remote server closes connection

• Fix for Classic Proxy FTP connections when using HTTP Proxy
• Binding table added to Diagnostic Logging
• Better handling of transparent FTP data connections
• Added Bridge Mode fail safes for more reliability

• Better handling of HTTP 'chunked' data
• Processing Mode now allows delay & trickle settings
• Browser refreshes faster after settings changes
• Binary MIME Messages can be dropped or passed through unscanned
• Fixed situation where Trusted Sites did not work properly
• Fixed FTP upload problems in Secure Processing Mode
• Fixed FTP download of Forbidden file extensions (FTP client would hang)
• HTTPS connections now supported in Classic Proxy Mode (still unscanned)
• Improved Email parsing of undeliverable messages
• Fixed formatting of Alert: AV Engine Update Failed

• AntiSpam capability added to the eShield platfrom via Sophos antispam engine
• Home page indicates date/time of current statistic data
• Fix for McAfee ASaP connections
• eShield inserts antispam X-fields in message header
• Firmware Update page now displays correct information for next scheduled check for update
• Classic Proxy functionality added for HTTP, FTP & POP3
• Ability to show only Email header in Alert messages
• More reliable calculation of timed intervals (Alerts, update checks, etc.)
• Better handling of Email decoding when using Trend & McAfee scan engines
• Enhanced auto update process (there were some cases where auto updates would fail)
• %Server variable now available in alerts

Please note that the SecureComputing SmartFilter and Sophos Anti-Spam engines are not available on the earliest generation AVStripper AntiVirus Appliances due to hardware restraints. The easy way to verify whether your customers' original AVStripper unit can handle the eShield SmartFilter and Anti-Spam modules is by simply upgrading to this latest firmware version. When the SmartFilter and AntiSpam modules become visible and are listed in the left menu of the User Interface, the customer will also be able to activate the SmartFilter and Anti-Spam functionalities of his originally purchased AVstripper product, if the customer desires to do so. These customers will only need to purchase the respective licence keys of their choice.

• Minor change to loading of Sophos engine on older hardware units

• AVStripper name changed to eShield
• Help files added to the Interface
• Home page statistics no longer reset after settings changes, resets, or reboots
• SiteFiltering capability added (eShield combines the functionality of AVStripper and SiteStripper)
• Added ability to create Read-Only user access to the Interface
• Support for multiple remote access users to the Interface
• Two alerts added-File was dropped, Page blocked
• Length of original message text included in alert emails configurable by user
• New Feature: Firewall Filter-Can filter traffic based on IP and/or port
• Added ability to set the system time of the eShield unit
• Additional Logging added-Connection Data, Packet, and Diagnostics logging
• Added ability to export/import eShield settings configuration
• Enhanced Watchdog functionality
• Fixed problem during antivirus update when under heavy load
• Fixed problem with corrupted/truncated files during slow FTP transfer

• Fixed time-outs during long FTP downloads
• Support for UU encoded attachments without BEGIN/END
• Fixed rare problem where compressed/encoded files failed to be decompressed properly
• Improved handling of certain malformed IMAP mail
• Fixed rare Outlook hang during IMAP mail session
• Removed case-sensitivity from SMTP Relay settings
• Fixed text substitution of viral code when using chunked HTTP transfer mode
• Log files will now display properly in browser window when quoted material is contained within those logs
• Fixed inconsistent behavior of pass-through traffic when AV subscription is expired and subscriptions page is set to allow traffic to pass while the AV subscription is expired

• Fixed unresponsiveness during massive 'ping flood'
• More descriptive alert for 'File too big' when the file is within an archive
• Improved fail safes when system resources are low
• Fixed scanning of large .tar.gz files
• New troubleshooting logs: InternalErrors.log & InternalInfo.log
• Fixed HTTP connections to www.theonion.com
• More robust watchdog fail safes
• Fixed rare problem decoding a particular e-mail message
• Improved handling of Sophos anti virus updates
• Fixed FTP client time-outs when Processing Mode is set to Transparent
• InternalErrors.log - Logs problem conditions like low memory, watchdog failure, etc. InternalInfo.log - Indicates latest driver reload

• Anti Virus delay messages modified (this may have caused problems with some mail applications)
• Fixed problems downloading .pdf files
• Watchdog functionality expanded to be more reliable
• Eliminated web interface delay when it is not needed after settings changes
• Optimized handling of low memory conditions
• Enhanced processing of large 'chunked-encoded' web pages
• More efficient handling of FTP downloads of multiple files at once
• Better handling of scanned protocols on non-standard ports

• Automatically blocks new SQL server worm (SQLP1434.A, W32/SQLSlammer, W32.SQLExp.Worm, Worm.SQL.Helkern, DDOS_SQLP1434.A)
• Fixed bug where SMTP authentication did not work through AVStripper
• Fixed bug where some chunked-encoded web pages were being classified as 'Too Big' & passed through unscanned
• New Feature: Processing Mode added to Anti Virus settings
• Several reliability fixes including problems handling multiple email alert addresses
• Changed web interface delay from 5 seconds to 1 after certain settings changes (for error messages 5 second delay is still used)
• New Feature: Heuristic parameters added to Anti Virus settings
• Better handling of large files when Processing Mode is set to Most Secure
• Fixed bug where some users could not download components from Windows Update
• Enhanced handling of 'quoted printable' mime encoding
• If files within an archive have the same CRC checksum AVStripper considers this to be OK
• Improved handling of BDAT SMTP server command
• Processing of idle connections has been optimized
• Proxy authorization now works through AVStripper
• Download progress indicator is now displayed properly on the Home page
• More secure processing of partial files (download managers use this)
• Added support for Network Associates Inc. (McAfee) as an Anti Virus provider
• Better handling of mime decoding
• Fixed bug where AVStripper would block traffic even though a valid serial number had been entered (if Block all traffic is selected on the Subscriptions page)
• New Feature: SMTP Relay Control
• Fixed bug requiring a restart after entering a new anti virus license
• Better e-mail Alerts when a new Anti Virus vendor is used
• Improved handling of HTTP 1.1 connections when a virus is found

• Supports Sophos, Panda, and Trend engines
• Significant speed improvements resulting in up to 70% performance increase
• 'Do not scan extension' setting extended to files inside compressed archives
• Added option to block or pass traffic when subscription times out. The default expiration behavior was changed from 'block traffic' to 'pass traffic'.
• Added some rules to prevent problems with interface availability.
• Fixed route table bug in web interface
• Added access to web interface on port 2080
• Added support for TLS over SMTP
• Several enhancements optimizing email scanning
• Disabled SMTP pipelining
• Fixed several bugs, esp. in email handling.
• Fixed crash in empty-email parser
• Fix for incorrectly reported content-length in http
• Apple-com fix [loosened http formatting check]
• TCP keep-alive packets disabled for http connections
• Suppressed server response allowing incremental message downloads
• Increased maximum allowed command size for IMAP4
• IMAP outlook problem fixed
• Optimized file-deletion subsystem
• Routing table fixed for subnet-length
• Before soft reboot, terminate (FIN) all active connections
• New grace period if running without subscription is 2 days
• Added support for 'Restore Factory Defaults' button
• Several other somewhat minor bug fixes

• Now when both network interfaces are plugged into the same hub/switch you can still get into the web interface
• Fixed problem when web mail was forwarded as an attachment. Now entire message will be scanned to determine if it contains any viral code
• Fixed problem with some HTTP handling that would cause AVStripper to 'hang'
• Fixed rare connectivity issues when disabling/enabling FTP scanning. Now functionality is the same either way
• Fixed problem with large e-mail attachments getting corrupted with some mail servers
• Fixed problem with some SMTP handling that would cause AVStripper to 'hang'
• Optimized virus scanning for faster through put
• Optimized non-scanned protocols for faster through put
• Automatic Update page now shows version currently installed, upgrade interval & next scheduled check
• Enhanced MIME encoded e-mail parsing for more reliable virus scanning
• Fixed Active FTP problem under certain configurations

• Load balancing can be enabled/disabled from Interface Settings
• Cosmetic changes to Interface Settings page to avoid confusion
• Fixed AV max file size limit problem with HTTP POST
• Fixed image problems in the web interface
• Fixed problem with prohibited file extensions: user would not receive error web page back
• Fixed statistics on home page
• Support for entering multiple e-mail addresses in Alerts settings
• Better error messages in case POP3 authorization fails for Alert e-mails
• Transparency table, used for ICMP redirects (this feature must be enabled by a Blue Coat technician
• All Alerts can now be logged to a file
• HTTP Post fix (for web mail)
• HTTP 1.1 content encoding fixed
• Alert email sending changed: now it first attempts to connect using EHLO
• Checks for Anti Virus updates every hour (previous setting was 3)
• Additional ports for protocol scanning (treat port 26 like SMTP, etc)
• Alerts & Substitute can now be customized
• New Alert: Successful Update (this is sent when AVStripper is updated to a new version)
• New Alert: Notify email sender that mail contained a virus
• Fixed problem with forwared mail containing viruses
• Interface web page shows ****** if a password actually has been set
• Web session timeout value can be set from interface (for a password protected Admin page)
• Resuming downloads of updates (previously we started over if the connection was lost)
• Fixed problems with some web pages being identified as 'Unsupported Compression Methods'
• FTP fix: ability to scan IPV6 connections
• Exchange Server fix: under specific configurations some Exchange servers would not receive mail from other Exchange servers
• Connection view shows progress of update downloads
• Anti Virus updates can be downloaded through a Classic or Socks proxy
• Test Connectivity feature: AVStripper attemptd to connect to www.ositis.com/tests/testconnectivity.asp. If this connection is Not successful an error message appears on the home screen
• Support for NTLM & Citrix authentication through port 80
• Removed 403 error messages for improperly formatted HTTP headers
• Added scanning of all files within archives
• Fixed scanning of uuenceded mails from Exchange
• Maximum file size cannot be set higher than 512MB
• Fixed bug causing AV alert "max filesize exceeded" on small web pages. This was happening when server returned HTTP1.1 "chunked" web pages
• Fixed routing table web interface (show IPs entered by user)
• Remote logging now supported with ConnLog.exe (available for download from web interface) or to a Syslog
• AVStripper attempts to connect to: http://www.ositis.com/cgi-bin/DNSList.asp if the DNS servers entered into the web interface are not working
• Fixed problems accessing HTTPS server through a Classic proxy
• Fixed IMAP4 problems (previously client would 'hang' when attempting to save Sent Items to the server)
• Home page shows Current Avg (per second). This is a rough through-put figure