Enterprise Prime Support Newsletter - 05/24/2002

 Introduction

Greetings! Please take some time to review the newsletter and send any feedback to your ESAM. Our goal is to keep you informed of our product releases, software updates, and tips on using the product successfully.

Webinars

Webinars are web based slide presentation's with audio.  Presentations will last approximately 2 1/2 hours.  The last thirty minutes will be Q & A session; you will be able to ask any questions about the product from the Webinar. 

Here are the proposed topics until the end of the year:

June 19 GroupShield Domino
July 17 ePolicy Orchestrator
August 21 VirusScan ASaP
September 18 NetShield NT repeat
October 16 VirusScan Multiplatform
November 20 GroupShield Exchange repeat
December 18  NetShield NetWare

For more information about Webinars and dial-in numbers please contact your ESAM.

 
 In This Issue:



Virus Advisory

Full details of the following viruses and hoaxes can be found at: 
http://vil.nai.com
We recommend you monitor the following page, as new virus alerts and description will be posted here: 
http://vil.nai.com/VIL/newly-discovered-viruses.asp
A good, independent site for hoax information can be found at: 
http://hoaxbusters.ciac.org/
Latest Editions
Virus Advisory: W32/Benjamin.worm
Risk:  Low-Profiled Minimum DAT:  4204 Minimum Engine:  4.1.50
http://vil.nai.com/vil/content/v_99495.htm
Virus Advisory: QDel234
Risk:  Low Minimum DAT:  4205 Minimum Engine:  4.0.70
http://vil.nai.com/vil/content/v_99496.htm
Virus Advisory: JS/SQLSpide.a.worm
Risk:  Low-Profiled Minimum DAT:  4204 Minimum Engine:  4.0.70
http://vil.nai.com/vil/content/v_99500.htm
Virus Advisory: JS/SQLSpide.b.worm
Risk:  Low-Profiled Minimum DAT:  4204 Minimum Engine:  4.0.70
http://vil.nai.com/vil/content/v_99499.htm




Driver Updates

The 4204 DAT File for weekly v4x (DAT Only)
http://www.mcafeeb2b.com/naicommon/download/dats/mcafee_4x.asp
The 4160/4204 SuperDAT File for v4x (DAT + Engine) 
http://www.mcafeeb2b.com/naicommon/download/dats/superdat.asp
The 020508 version of DAT files for Virex 
http://www.mcafeeb2b.com/naicommon/download/dats/find.asp


WebShield SMTP Version MR1a Hotfix 6

PURPOSE

This Hotfix includes one updated archive file for use with McAfee WebShield MR1a software. This new file resolves the issues described in the section "RESOLVED ISSUES". Previous Hotfixes do not need to be installed before you install this Hotfix. 

This Hotfix replaces all previous McAfee WebShield MR1aHotFixes

RESOLVED ISSUES

1. This Hotfix resolves an issue seen with Hotfix 5 failing to decode a boundary marker and interpreting mails as corrupt which were previously not treated as corrupt. 

2. This Hotfix resolves an issue with WebShield boundary checker attempting to validate inside speech mark encapsulated e-mail address local part. "user name"@domain.com Even though the username contains an non RFC compliant character since it is encapsulated in speech marks it is acceptable under the RFC. This is now accepted as a valid e-mail address. 

3. This Hotfix resolves an issue with a message being written to the Event logs every time an RTS message was generated. 

4. This Hotfix resolves an issue with infected UUEncoded e-mail that contained a cleanable infected item. These e-mails are now cleaned correctly 

5. This Hotfix resolves an issue with an e-mail attachment that has a name longer than 200 characters. These attachments are now scanned correctly. 

6. This Hotfix resolves an issue with UUEncoded e-mail messages that have embedded END strings not triggering content filters. These items are now content filtered correctly. 

7. This Hotfix resolves an issue with UUencoded e-mail messages that contained very long attachment filenames. The filename is now checked. 

8. This Hotfix resolves an issue with MAILSCAN.EXE causing 100% processor utilization with e-mail messages that do not contain a termination line. 

9. This Hotfix resolves an issue with malformed Mime and UUEncoded e-mail resulting in a .TMP file being left in the TEMP directory. 

10. This Hotfix resolves an abnormal termination issue when content filtering message subject lines that contained non-ASCII characters.

 

Hotfix 3 for WebShield E50 Version1

Purpose

This Hotfix includes one updated archive file for use with McAfee WebShield E50 software. This new file resolves the issues described in the section "RESOLVED ISSUES". Previous Hotfixes do not need to be installed before you install this Hotfix. 

This Hotfix replaces all previous McAfee WebShield E50 Hotfixes. 

Resolved Issues 

1. This Hotfix resolves an issue seen with Hotfix 2 failing to decode a boundary marker and interpreting mails as corrupt which were previously not treated as corrupt. 

2. This Hotfix resolves an issue with WebShield boundary checker attempting to validate inside speech mark encapsulated e-mail address local part. "user name"@domain.com Even though the username contains an non RFC compliant character since it is encapsulated in speech marks it is acceptable under the RFC. This is now accepted as a valid e-mail address. 

3. This Hotfix resolves an issue with a message being written to the Event logs every time an RTS message was generated. 

4. This Hotfix resolves an issue with infected UUEncoded e-mail that contained a cleanable infected item. These e-mails are now cleaned correctly 

5. This Hotfix resolves an issue with an e-mail attachment that has a name longer than 200 characters. These attachments are now scanned correctly. 

6. This Hotfix resolves an issue with UUEncoded e-mail messages that have embedded END strings not triggering content filters. These items are now content filtered correctly. 

7. This Hotfix resolves an issue with UUencoded e-mail messages that contained very long attachment filenames. The filename is now checked. 

8. This Hotfix resolves an issue with MAILSCAN.EXE causing 100% processor utilization with e-mail messages that do not contain a termination line. 

9. This Hotfix resolves an issue with malformed Mime and UUEncoded e-mail resulting in a .TMP file being left in the TEMP directory. 

10. This Hotfix resolves an abnormal termination issue when content filtering message subject lines that contained non-ASCII characters.

 

GroupShield Domino 5.0a Hotfix 7 

New issues resolved by this Hotfix: 

Item 30 - Now functioning correctly. 

Item 36 - Improved capability for handling mal-formed MIME messages. 

Now functioning correctly. 

30. This Hotfix addresses an issue with infected ZIP files being deleted. GroupShield Domino now attempts to clean the file. 

Resolved Issues 

36. This Hotfix has improved capability for handling mal-formed MIME messages.

 

End of Life: Windows 95, Windows 98, and Windows ME Platforms

Summary:

  • This memo supercedes all previously published information. 
  • The End of Life for support of Windows 95, Windows 98, and Windows ME platforms is 30 June 2004. 
  • VirusScan 4.5.1 SP1 is the last commercial anti-virus release that will support the Windows 95, Windows 98, and Windows ME operating systems. VirusScan 4.5.1 SP1 will be supported until 30 June 2004 to provide AV protection on Win95/98/ME until users can migrate to newer operating systems. 
  • The next VirusScan release - VirusScan Enterprise 7.0 - will support Windows XP, Windows 2000, Windows NT 4 and an array of Microsoft server operating systems but will not support Windows 95, Windows 98, and Windows ME. 

Details: 

  • Product: VirusScan 4.5.1 SP1 is the last version that will support the Windows 95, Windows 98, and Windows ME operating systems. Future releases of VirusScan will support Windows NT 4 and greater. In order to provide AV protection for Win95/98/ME workstations while customers migrate to newer operating systems, VirusScan 4.5.1 SP1 will be supported until 30 June 2004. The End of Support (EOS) date for VirusScan 4.5.1 SP1 and the End of Life (EOL) date for the Win95/Win98/WinME platforms are the same date - 30 June 2004. Support for VirusScan 4.5.1 SP1 during this extended period will include Technical Support, bug fixes as needed, and/or additional service packs as needed. Feature enhancements (new capabilities never provided before) will not be added to VirusScan 4.5.1. 
  • AV Engine: New anti-virus engines released before 30 June 2004 will be compatible with VirusScan 4.5.1 SP1 and Win95/Win98/WinME platforms. New engines released after 30 June 2004 will not be tested for compatibility with VirusScan 4.5.1 SP1. 
  • Technical Support: Technical Support for VirusScan 4.5.1 SP1 and the Win95/Win98/WinME platforms will be provided until 30 June 2004.

 

MAGIC: Magic Mail Queue and MAPI Resolution Hot-fixes

Recently released are several patches for Magic Mail Queue and MAPI resolution issues. Each patch contains documentation describing the patch and its application. This article contains general information about the patch, what it addresses, and how to install it. To get a copy of a desired patch, contact your ESAM.

1) MMQ Patch 7.2

This is the full MMQ Patch for Magic 7.2 including the mail queue and a new MAPI component. Use it on Magic Web servers running the MBA Job and Mail queues. The patch file includes a full install.

Issue addressed: The Mail queue stops processing inbound and outbound mail. No errors appear in DebugView, the system message monitor or the event viewer. The mail queue may appear to be running, showing a “green light” status in Business Rules Settings, but no processing occurs.

How the patch addresses the issue: This patch configures the Magic 7.2 Mail queue with an automatic restart mechanism. It replaces some .dll and .asp files, and further rearranges some Magic component packages.

Important: This patch should only be applied on servers functioning as Magic Business Rules servers. To install, simply run the executable from the Magic Application server processing Business Rules. A reboot is required.

The MMQ fix, when in place, will indicate “heartbeat interval” messages in DebugView.

2) MMQ Patch 7.5

This is the full MMQ Patch for Magic 7.5 including the mail queue and a new MAPI component. Use it on Magic Web servers running the MBA Job and Mail queues. The patch file includes a full install.

Issue addressed: The Mail queue stops processing inbound and outbound mail. No errors appear in DebugView, the system message monitor or the event viewer. The mail queue may appear to be running, showing a “green light” status in Business Rules Settings, but no processing occurs.

How the patch addresses the issue: This patch configures the Magic 7.5 Mail queue with an automatic restart mechanism. It replaces some .dll and .asp files, and further rearranges some Magic component packages.

Important: This patch should only be applied on servers functioning as Magic Business Rules servers. To install, simply run the executable from the Magic Application server processing Business Rules. A reboot is required.

The MMQ fix, when in place, will indicate “heartbeat interval” messages in DebugView.


3) NAMMapiProc - Mutex version.

This is for application on either Magic 7.2 or 7.5 web servers. It is manually installed, and is not required if the MMQ Patch is installed.

Issue addressed: Performing an MAPI resolve of an email address in the CLIENT or STAFF modules can cause a lockup from the workstation performing the resolve. This issue has only been identified on MS Exchange users.

How the patch addresses the issue: This patch contains a file, nammapiproc.dll, which has been modified to better process MAPI resolves.

Rename the original nammapiproc.dll in the …\Magic Enterprise\dlls folder then copy the file included in the patch file into that folder. To activate the new .dll, reboot the Magic Web/Application server.

When the new .dll is functioning correctly, “MUTEX” messages will appear in DebugView.

4) Notes Resolve Patch

This is for Magic 7.5 customers using the Lotus Notes Mail System. It is manually installed and can be applied to all Magic 7.5 Web/Application servers. It resolves Memory Leak issues experienced with Magic doing MAPI resolution with Lotus Notes Mail.

Issue addressed: When using the Lotus Notes Mail System, performing MAPI resolves of email addresses in the CLIENT or STAFF modules causes a memory leak. Multiple resolves will eventually drain the system of resources.

How the patch addresses the issue: The patch file consists of the following files for Magic 7.5 (only):

Namresolvenotes.dll
Lcppn21.dll
Ambignames.asp

Install the fix on a Magic Web application server as follows:

1. Copy namresolvenotes.dll and lcppn21.dll into the directory containing the Lotus Notes client application (\lotus\notes by default).

2. Use regsvr32.exe to register namresolvenotes.dll.

3. Create a new package in component services as a SERVER APPLICATION, and name it Magic Resolver.

4. Associate the namresolvenotes.dll to the Magic Resolver package as a new/empty component.

5. Backup the existing ambignames.asp file in \Program Files\Magic Enterprise and copy the file contained in the patch to that folder.

6. Reboot the Magic application server.

This hot-fix will display messages such as “constructing NativeNotesEmail” in DebugView when it is performing MAPI resolution functions.

 


McAfee is a business unit of Network Associates, Inc.
© 2002, Network Associates, Inc. and its affiliated Companies. All Rights Reserved.
Privacy Policy Statement.
  Recently Updated Threats  
 
- W32/Zmist.gen
- JS/Seeker.gen
- JS/SQLSpida.a.aworm
- JS/SQLSpida.b.worm
- QSD12
- W95/Elkern.cav

 

  Latest Virus Info  
 
- Virus Alerts
- Virus Information Library
- Newly Discovered Viruses
- AVERT Removal Tools
- Anti-Virus Tips

 

   Downloads  
  Product Upgrades
Download the latest Product Upgrades.

Click Here

 		 
  Product Lifecycle
Information on current and previous versions of the Engine and products and providing advance notification of End-of-Support or End-of-Life milestones.

Click Here

 		 
  SecureCast
Enterprise SecureCast delivers McAfee software updates and upgrades to Network Administrators.

Click Here

 		 

  BETA Program  
 
- GroupShield Domino

 

  Top 10 Viruses  
 
W95/Elkern.cav.c
W32/Nimda.eml
W32/Klez.e@MM
W32/Nimda.gen@MM
JS/IEstart.gen
VBS/Loveletter@MM
JS/NoClose
VBS/Haptime@MM
W32/Klez.gen@MM
JS/Kak@M

 

   Events  
  WebCast
Experience product demonstrations and then ask the tough questions in a Q & A session. McAfee WebCasts have been highly praised and are extremely popular with attendees from all over the world.

Click Here