=============================================================================== RELEASE NOTES FOR F-Secure Internet Gatekeeper for Linux 4.00.2138 =============================================================================== 1. General This file contains important information regarding the F-Secure Internet Gatekeeper for Linux. We strongly recommend you read the entire document. What's in This File * System Requirements * Product Contents * New Features * Known Issues * Installation * Contact Information and Feedback 2. System Requirements To use F-Secure Internet Gatekeeper for Linux 4.00 on a computer the computer must: * Be x86 compatible (2Ghz or faster recommended) * Have at least 512 MB of RAM (1 GB or more recommended) * Have at least 5 GB of free disk space (20 GB recommended) * Have one of the following Linux distributions installed: * 32-bit: * Asianux Server 3 * Asianux 2.0 (MIRACLE LINUX 4.0) * Asianux 1.0 (MIRACLE LINUX 3.0) * CentOS 4/5 * Debian GNU/Linux 5.0 * Red Hat Enterprise Linux 3/4/5 * SuSE Linux Enterprise Server 9/10/11 * Turbolinux 10 Server/11 Server * Ubuntu 8.04 * 64-bit: * Asianux Server 3 * Asianux 2.0 (MIRACLE LINUX 4.0) * CentOS 5 * Debian GNU/Linux 5.0 * Red Hat Enterprise Linux 4/5 * SuSE Linux Enterprise Server 9/10/11 * Turbolinux 10 Server/11 Server * Ubuntu 8.04 * Support for other and newer Linux distributions will be announced in future releases and/or on our web site. For up-to-date information about supported platforms, please see our Knowledge Base: http://www.f-secure.com/en_EMEA/support/business/ 3. Product Contents F-Secure Internet Gatekeeper for Linux is a gateway product that acts as a virus scanning proxy for HTTP, SMTP, POP, and FTP protocols. The product has an easy to use Web User Interface for configuration management and for starting and stopping the different proxy services. Malware scanning is implemented using F-Secure's scanning technologies that provide outstanding protection level and fast automatic updates to the scanning engines and anti-virus databases. F-Secure Internet Gatekeeper for Linux is localized to English and Japanese. 4. New Features This version introduces following improvements to previous versions. 3.03.1299=>4.00.2138 * Better malware scanning capabilities and performance improvements using F-Secure's new scanner engine Aquarius. This new engine replaces the AVP engine used in previous product version. * Improved spam detection capabilities with a new spam detection engine. The engine is on by default if spam scanning is enabled, and can be configured through the Web User Interface. * A Debian package (.deb) is now available for supported Debian-based distributions (Debian, Ubuntu) * Added support for Debian 5.0 64-bit version. * Spam settings changed, RBL/SURBL feature is now disabled by default. * Updating from previous version automatically disables RBL/SURBL. * Spam database feature is disabled by default and not available in the Web User Interface anymore. If you need this feature, please enable it in the configuration file. * On RBL settings, default excluded IP addresses have been changed from 127.0.0.1 to 127.xx.xx.xx. * Web-UI: Removed broken link to manual. * Changed most shell scripts to use /bin/bash instead of /bin/sh. This makes the product depend on bash, which should be available by default on all supported distributions. * Added support for FTP's MLSD command(on RFC-3659) to work on FireZilla. * Fixed CTS-70417: IGK3.02 webUI transferes wrong time to logconv. * Added User-Agent("Mozilla/4.0 (compatible; Win32; Commtouch Http Client") to default excluding User-Agent ("pass_user_agent_system_list" in ini file). This change was done to allow F-Secure Anti-Spam Engine faster access to F-Secure servers through a proxy running this product. * Automatic Update Agent was updated to 8.25.3665 to fix a potential problem with database updates. * On POP, changed to show STLS not-supported. * F-Secure logo has been changed according to the new F-Secure brand. * FIXED: block_filesize/block_filesize_len settings did not work for FTP over HTTP. * Changed not to detect e-mail containing "Content-Type: message/partial" in the message body even if both "virus_check_text"(Scan the e-mail message body) and "block_partial_message"(Blocked e-mail content: Partial messages) was enabled. * Importable database file is changed from fsdbupdate.run to fsdbupdate9.run. * Automatic database updating is enabled by default, and if automatic update is enabled, installation or upgrading run database updating script(dbupdate). * Fixed a potential database update error("Could not connect to AUA (30)") in some situation like NFS environment. 3.02.1221=>3.03.1299 * Added support for following distributions: Debian GNU/Linux 5.0 (32bit) SUSE Enterprise Linux 11 (32bit) SUSE Enterprise Linux 11 (64bit) * FIX: rc.fsigk_admin cause following cosmetic error after rebooting. "cat: /proc/xxxx/cmdline: No such file or directory" * FIX: From WUI, diagnose information is not downloaded when hostname does not have IP address. Changed to use hostname "unknownhost" on that case. * Changed to show logger error even if the logger process exit with zero. * Changed proxy_smtp.c to output ACTION:DENY on detect.log if e-mail is blocked by block_messagesize/block_messagesize_len. * Changed logconv to support over 2GB file. * Changed rc.virusgw_fsavd to show correct result on "status" option. * Updated JRE from 1.6.0_07 to 1.6.0_14 * Changed to show ACTION:DENY on log if action=pass and SMTP message is blocked by block_messagesize/block_messagesize_len. * Changed maximum user-agent buffer from 200 to 1000. * Fixed issue that WUI's NAT setting page does not show correctly if iptable command's transfered bytes part includes other than number like "1992K". * Fix: Cannot start services after reboot on SuSE. Added Should-Start/Should-Stop: XXX_fsavd to initscripts. * Fix: WUI: cannot enable/disable FTP user restriction * Allow the case that " "(space) is followed after chunk-size on HTTP/1.1. It is needed to see www.dazuko.org on http/1.1, at least. * Changed not to use inet_ntoa that cause TLS problem(hanging) on SuSE11. * Added "no-cache" response header to .jsf response to avoid error come from cached jsf. * Fixed: Installation cause following error on SuSE11. cp: cannot stat `/home/virusgw/conf/spam/custom.txt-tmp': No such file or directory * Fixed issue that Web-UI's version page does not show FMlib version. * Fixed the issue that multiple installation failes if prefix includes "/home/virusgw" like "make install prefix=/home/virusgw2 suffix=virusgw2". "prefix=/home/virusgw22" was written on rc.virusgw_fsaua, etc, by wrong multiple replacement. * Changed init script structure, rc.virusgw is now sourced from different protocol init scripts (which are no longer symlinks) * Fixed a issue that FMlib/fsavd version was not correctly shown. "strings" command (part of binutils) does not exist on Ubuntu server edition by default... * Changed WUI's template editting page to set default language to english on english page. * Changed default proxy host to example.com domain. * Removed manual from package itself * Updated WUI link to IGK support page. * Changed WUI to show alert if JavaScript is disabled. * WUI: Changed to show product build number in addition to version number. * Changed dbupdate to remove existing database before importing fsdbupdate.run * Added the proper LSB header to rc.virusgw_fsavd to make Debian50 work. 2.16=>3.02.1221 * New, improved Web User Interface * New scanning engine (FSEngine) which replaces the obsolete Libra and Orion engines * Updating mechanism is implemented using F-Secure Automatic Update Agent instead of the obsolete getdbhtp * The product now supports riskware scanning * HTTP Keep-Alive is supported 5. Known Issues * Upgrade from 2.16 is not supported, please uninstall the version 2.16 first Please see our Knowledge Base for up-to-date information about known problems and possible workarounds: http://www.f-secure.com/en_EMEA/support/business/ 6. Installation The product can be installed from an rpm package, or a tar package. Please replace BUILDNUM with the build number in the following instructions. 6.1 RPM installation or upgrade First download the rpm package, then run the following command as root user: # rpm -Uvh fsigk-4.00.BUILDNUM-0.i386.rpm After installation, please point your web browser to http://:9012/ and use the default username and password (admin/admin) to log in and configure the product. 6.2 Deb package installation First download the deb package, then run the following command as root user: # dpkg -i fsigk_4.00.BUILDNUM_all.deb After installation, please point your web browser to http://:9012/ and use the default username and password (admin/admin) to log in and configure the product. 6.3 Tar package installation First download the tar package, then run the following commands as root user: # tar zxf fsigk-4.00.BUILDNUM.tar.gz # cd fsigk-4.00.BUILDNUM # make install After installation, please point your web browser to http://:9012/ and use the default username and password (admin/admin) to log in and configure the product. 7. Contact Information and Feedback Please check our Linux weblog at: http://www.f-secure.com/linux-weblog/ To provide feedback or report problems, please see: http://support.f-secure.com/ Remember to mention the product version and Linux distribution you are using when contacting us. Copyright (c) F-Secure Corporation. All rights reserved.