******************************************************************
README File for MailGate Anti-Virus Extension Version 3.3/4/5
(C) Copyright 1998/2002. Mailgate Ltd. All Rights Reserved.

This document contains information regarding the fixes and
enhancements for MailGate releases which supplements the User's
Guide and Online help.

IMPORTANT NOTE - Due to internal changes in the core system, use of
this release requires the core system to be version 3.3.150 or later.
******************************************************************
Version 1.2.40 ( 11th Mar, 2002 )
******************************************************************
1.1  ENH0075 - When an attachment is removed the module now renames
     the removed file to "Removed Attachment (originalfile).txt" for
     easier identification.
1.2  ENH0094 - Changed the Auto-Update default From: address to
     *sophos.com to allow for a change in Sophos's service. This
     setting will be changed by upgrading.
1.3  SDR0146 - Corrected the addresses used for virus notification
     messages sent to the system administrator.
1.4  SDR0150 - Fixed a problem when preparing to scan attachments
     with very long filenames.
1.5  SDR0151 - Fixed a possible problem with MIME message handling
     identified while investigating other issues.
1.6  SDR0152 - Fixed a possible problem with the handling of RFC822
     type attachments (one email attached to another). This was also
     identified while investigating other issues.
******************************************************************
Version 1.2.39 ( 1st Nov, 2001 )
******************************************************************
1.1  Extension released in MailGate 3.5.168
******************************************************************
Version 1.2.38 ( 11th Oct, 2001 )
******************************************************************
1.1  SDR0135 - Corrected an issue writing the work file when the
     filename includes '?' characters.
******************************************************************
Version 1.2.36 ( 31st July, 2001 )
******************************************************************
1.1  Module now included in the MailGate Installer.
******************************************************************
Version 1.2.35 ( 24th July, 2001 )
******************************************************************
1.1  SDR0123 - Some emails produced by Sircam-A are incorrectly
     formatted. This can cause MailGate to crash when it tries to
     write the attachment for scanning purposes. This is now
     corrected.
******************************************************************
Version 1.2.34 ( 7th June, 2001 )
******************************************************************
1.1  ENH0054 - Added support for 'Generic Mode' scanning. This makes
     use of 'On Access' AV scanners preventing the opening of an
     infected file, enabling the extension to be used with most AV
     products, though with reduced functionality.
1.2  ENH0056 - Moved the Virus Scanning Mode selection from the
     installer to the About Tab. This enables easy switching of the
     mode after install.
1.3  SDR0105 - Fixed a problem where encoded attachment data sent as
     a single long line could cause MailGate to terminate abnormally.
******************************************************************
Version 1.1.32 ( 23rd April, 2001 )
******************************************************************
1.1  SDR0097 - Fixed a problem with the decoding of some attachments
     where certain characters were decoded incorrectly.
1.2  SDR0099 - Certain types of virus were incorrectly reported as a
     'ragment' virus on a Win9x platform. This is now corrected.
******************************************************************
Version 1.1.31 ( 28th March, 2001 )
******************************************************************
1.1  Some users have reported occasional logged errors from the
     extension.
     Several changes made to generally improve module stability and
     error reporting.
1.2  SDR0086 - Fixed a problem where it was not possible to add a
     second line to the 'Don't Scan Mine attachments...' entry.
******************************************************************
Version 1.1.30 ( 21st Nov, 2000 )
******************************************************************
1.1  SDR0059 - If the evaluation period was allowed to expire all
     incoming mail would be returned to the sender. This mail is now
     passed through but not scanned and an email is sent to the
     system administrator to warn that the evaluation has expired.
1.2  SDR0064 - Corrected a problem with informational messages not
     being written to the log file when an update notification mail
     is received.
1.3  SDR0069 - Modified the method used for deletion of temporary
     files for compatibility with other extension modules.
1.3  SDR0074 - Corrected how MailGate reacts to an update to the
     Sophos interface files in an NT environment. MailGate will now
     reinitialise the interface after an update has been installed.
******************************************************************
Version 1.1.25 ( 20th July, 2000 )
******************************************************************
1.1  SDR0049 - Corrected spelling errors in UI screen.
1.2  SDR0050 - Modified the creation of the notification sent to the
     end recipient of an infected email. Notification is now
     provided in the form of an attachment to resolve some issues
     with clients which default to displaying HTML data instead of
     plain text data.
1.3  SDR0058 - Added an option to force SAVI to scan in 'Full Mode'.
     This is required to correctly identify certain types of virus.
1.4  ENH0038 - Modified the install process to allow the user to
     select either the Sophos SAV or SAVI interface. Previously this
     was controlled by checking the operating system being used.
1.5  ENH0038 - Added a path specifier to identify the location of
     the Sweep .exe when using the SAV interface.
     The DOS sweep may now be installed independently of the 95/98
     product.
     AFTER UPDATING TO THIS VERSION PLEASE CHECK THIS SETTING.
1.6  ENH0038 - Added the ability to spawn a batch process based on
     the receipt of an email with a specified subject. This may be
     used to trigger an auto-update process. For more detail on
     using Auto Update - see below.
1.7  Changed the handling of encrypted archives when using the
     Sophos SAVI interface. These attachments were returning invalid
     error codes.
******************************************************************

USING THE MAILGATE - SOPHOS AUTO UPDATE FACILITY.

Sophos supply an HTTP file collection utility called SGET which may
be used to collect both program updates and new virus IDEs. Sget may
be used through the MailGate proxy server.

This note refers to using Sget in conjunction with MailGate to
automatically update the IDE files when notification of a new virus
is received. Similar principles could be used to automatically
update the program files. For details on how this may be achieved
please refer to the Sophos web site.

Introduction
------------
Sophos provide a virus notification email service which all
registered users may subscribe to. When a new virus is identified an
email is sent with details of the virus.

Virus library intermediate updates are performed by distributing
virus identity (IDE) files. A full collection of the updates for the
current release of the AV software is available as a single download.

The MailGate Auto Update system operates by identifying the
notification emails and then triggering a batch process to download
and distribute the current IDE files, then trigger the Sophos
software update.

Installation
------------
To use the Auto Update system there are a number of requirements
which must be followed when installing the system.

Sophos NT Install:
- The Sophos NT product must be installed by using the central
  installation and automatic update method.
  Please refer to the Sophos manual for full details.
- The Intercheck Server option is required for auto update but the
  Intercheck client must not be used on the MailGate machine.
- If you are using the SAV product and also wish the workstations to
  be automatically updated, make a central install of the win95
  product. Note the NT install must be completed first and the path
  to the Intercheck server must use the share name.

Sophos 95 Install:
- The Sophos 95 product must be installed by using the central
  installation and automatic update method. Please refer to the
  Sophos manual for full details.
- MailGate also requires the Sweep for DOS product to be installed
  on the MailGate machine.

Update Tools Install:
- Create a working folder for the update process to use (c:\sav_up)
- Copy the sample sav_up.bat file provided in the MailGate folder
  into the working directory.
- Locate an unzip utility which can be run from the command line
  (e.g. pkunzip.exe) and copy it to the working directory.
- Locate a copy of the Sophos Sget utility (see the Sophos CD or web
  site) and copy it to the working directory. Ensure the PC internet
  settings are set to use the MailGate proxy server.
- Edit the sample sav_up.bat to suit your installation.
- Optionally, create a short-cut to the sav_up.bat so that an update
  can be manually triggered if desired.

MailGate Install:
- Use the Gateway/Extensions option to access the Virus Extension
  configuration screen. Set the 'run command' option to point to the
  sav_up.bat file in your working directory.

How It Works
------------
When a notification mail is received the AV extension will add a
line to the MailGate log file saying 'Virus alert email detected'
and trigger the update batch file sav_up.bat.

The batch file will make Sget collect the current IDEs, unzip them
and copy them to the central install folders. It then runs the
Sophos setup program in update mode.
This increments a flag counter in the sav.cfg file to indicate an
update has occurred, and the next time a local installation checks
this flag the update will be performed.

In the event of a failure in getting the IDE zip file, a file called
failure.txt is written to the working directory.

Note on IDEs
------------
To keep your system totally current with the latest IDE set, after
loading a new CD release of the Sophos product to your central
install directories, you should delete all the current .ide files
then manually trigger the IDE collection process. This will ensure
the IDE set installed correctly matches the Sophos revision.
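
The update described under "How It Works" runs unattended and reports a failed download only by leaving failure.txt behind, so the check below (an added example, not part of the MailGate distribution or the original README) reads the three signals named there. The log line layout, the central install path and all function names are assumptions made for illustration.

```python
import os

ALERT_MARKER = "Virus alert email detected"  # log text quoted in this README
FAILURE_FLAG = "failure.txt"                 # left in the working folder on download failure

# Constructed sample: the README does not show the MailGate log layout, so
# only the marker text is matched and the rest of each line is ignored.
SAMPLE_LOG = [
    "2002-03-11 09:14:02 AV: message scanned, no virus found",
    "2002-03-11 09:20:45 AV: Virus alert email detected",
    "2002-03-11 09:31:10 AV: message scanned, no virus found",
]


def count_triggers(log_lines):
    """Number of times the extension logged an auto-update trigger."""
    return sum(1 for line in log_lines if ALERT_MARKER in line)


def list_ides(ide_dir):
    """Sorted names of the .ide files in the central install folder."""
    if not os.path.isdir(ide_dir):
        return []
    return sorted(n for n in os.listdir(ide_dir) if n.lower().endswith(".ide"))


def update_status(log_lines, work_dir, ide_dir):
    """Return (status, detail) where status is failed, idle, no-ides or ok."""
    triggers = count_triggers(log_lines)
    # A leftover failure flag always wins: the scanner may be running on
    # an old IDE set until someone investigates and removes the file.
    if os.path.exists(os.path.join(work_dir, FAILURE_FLAG)):
        return "failed", "%s found in %s" % (FAILURE_FLAG, work_dir)
    if triggers == 0:
        return "idle", "no update has been triggered"
    ides = list_ides(ide_dir)
    if not ides:
        return "no-ides", "%d trigger(s) logged, no .ide files in %s" % (triggers, ide_dir)
    return "ok", "%d trigger(s), %d IDE file(s) present" % (triggers, len(ides))


if __name__ == "__main__":
    # c:\sav_up is the README's working folder; c:\sav_central is a
    # hypothetical central install path used only for this example.
    print(update_status(SAMPLE_LOG, r"c:\sav_up", r"c:\sav_central"))
```

Run it on a schedule after the log has been read into a list of lines; a "failed" or "no-ides" result means a notification arrived but the IDE set on disk cannot be trusted to be current.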