Release notes for Symantec Brightmail AntiSpam 6.0.3

Article:TECH83913  |  Created: 2005-01-21  |  Updated: 2010-09-24  |  Article URL
Article Type
Technical Solution



This is a copy of the release notes for Symantec Brightmail AntiSpam 6.0.3


November 16, 2005

Known issues in Version 6.0.3

1. Erroneous error message when installing or uninstalling on Solaris 10.

If you see the error message -- "couldn't set locale correctly" -- when installing or uninstalling on Solaris 10, disregard it. (PR 16439)

2. Red Hat Enterprise Linux AS 3.0 users may not be able to connect Tomcat to the MySQL server.

When attempting to start the Control Center after installation, users may receive the error: "Host 'localhost.localdomain' is not allowed to connect to this MySQL server" (PR 9225). If you
receive this error, do the following:

a. Determine your MySQL brightmailuser password as described in "Access MySQL with brightmailuser Account Instead of root" in this document.

b. Open the MySQL client using the password you just looked up:

mysql --user=brightmailuser --password=PASSWORD

c. Run the following command on a single line. Replace REPLACE_HERE with either the IP Address or host name of the


3. Change to default port for Tomcat requires adjustments.

If you are using the Tomcat Web Application server to run the Control Center, the default port is 41080. If you wish to use another port, you must make changes to accommodate this choice in
two places, as follows:

a. Change the default port in the Tomcat configuration file, located at: /Tomcat/jakarta-tomcat-4.1.27/conf/server.xml to: port="xxxx"
where xxxx is the new port value you are setting.

b. Change the default port in the MySQL database, as follows:

table: settings_system
value: xxxx

where xxxx is the new port value you are setting

When accessing the Control Center in your browser, substitute the new port. For example, if the new port is 12345, type:


4. Needless errors posted for Client-only Scanner.

After installing a Brightmail Scanner that includes only a Brightmail Client, errors will be generated based on the lack of an installed Brightmail Server. You can in this situation
safely ignore errors regarding the following issues (PR 10103):

- Unable to open client cert.
- Could not open path/ruleupdates.xml: No such file or directory.
- Command handler: could not stream file path/ruleupdates.xml.
- Command handler: failed to open directory path/Stats.
- Command handler: could not resolve file spec $STATSDIR$$/$mc_stats.*.xml.

5. AntiVirus Cleaner status on Control Center incorrect.

If your antivirus filtering is stopped and restarted, the Status page on the Control Center may continue to show the status as Stopped. There is no way to correct the Status page. (PR 8365)

6. Need to issue kill command to stop Tomcat.

The included stop script for Tomcat fails to stop the Tomcat process. Should you need to stop Tomcat, issue a kill command. (PR 9326)

7. New decomposer.

"Symantec Brightmail AntiSpam Version 6.0.3, Build: keno-20051221-01 includes the Version Symantec decomposer, release 14f. This decomposer fixes a vulnerability to multiple heap overflows during decompression that could allow remote computer access via SMTP.

If you do not have Build: keno-20051221-01, install Patch 164.

To check the build (UNIX):
From the /scanner/bin directory, type:
strings conduit | \   grep Id | grep Name | awk {'print $10'} | sort -u

To check the build (Windows):
In Windows Explorer, right click on C:\Program Files\Symantec\SBAS\Scanner\Bin\bmserver.exe and select Properties Click the Version tab
Note the value of the `comments' field

8. Need to remove old logs before reinstalling Scanner.

If you uninstall a Scanner and do not remove the log files, and then later re-install a Scanner, the Control Center will not display the latest logs for the Scanner. To avoid this problem,
be sure to remove the log files after uninstalling a Scanner. (PR 10081)

9. Quarantine searches return too many or no results.

Some Quarantine searches return messages that do not match the search criteria specified. Quarantine has a built-in limit designed to prevent performance problems: for any search
that would return more than half the messages in the database, no results are shown. Because some searches return many inaccurate results, they can exceed the 50% limit and as a result show
no matches. (PR 9113)

10. When upgrading, AntiVirus is incorrectly shown as enabled.

When upgrading to this version, Symantec AntiVirus is shown in the Control Center as enabled even if you previously did not have Symantec AntiVirus enabled, or didn't have a subscription. To
disable it again, click the Settings tab and then click Settings under AntiVirus. Make sure that the Scan messages for viruses check box is cleared, and then click Save. If you purchased a
subscription and want to enable AntiVirus, check Scan messages for viruses and click Save. (PR 10385)

11. Incorrect version of MySQL reported.

If you check the version of MySQL using the BrightmailVersion URL (http://localhost:41080/brightmail/BrightmailVersion) the version of MySQL differs from the MySQL version reported when you
start the MySQL command line interface with the MySQL command. The version listed when starting the MySQL command line interface is the correct version. (PR 10409)

12. Top recipient report shows 1 less recipient than there were.

For the reports Spam: Top Recipients and Virus: Top Recipients, when viewing the time range of Past Month or Past Week, the number of recipients displayed is one less than the number of
recipients selected to display. (PR 10441)

13. IP Address for Quarantined messages remains at old address.

If, when installing a Scanner, you chose the "Any computer" option for the address of the Brightmail Control Center, configured spam messages to be quarantined, and later replaced
the Scanner and Brightmail Control Center, the old IP address for quarantined messages is retained. (PR 10153)

14. Access MySQL with brightmailuser account instead of root.

For better security, access to MySQL is now done via an account called brightmailuser instead of the MySQL root account. The brightmailuser password is created during the installation.
(PR 13823)

If you need to start a MySQL client session, you must know the randomly-generated brightmailuser password specific to your installation. Follow these steps to determine your brightmailuser

a. Open a console window as root.
b. Locate your Tomcat installation directory by running the following command:

grep "CATALINA_HOME=" /etc/init.d/tomcat4

c. Open the file $CATALINA_HOME/conf/server.xml with a text editor while logged in as root.
d. Locate the following section under the /brightmail Context.

<!-- MySQL dB username and password for dB connections -->

e. Note the current password in <value>password</value>.
f. Exit from the server.xml file.

15. Control Center won't install on Windows Server 2003 after Service Pack install.

On Windows Server 2003, the Brightmail Control Center does not install after applying Service Pack 1. To fix this problem, change the properties of My Computer to add "Turn on Dep for all programs and services except for those I select". Then, install the Control Center again.

To change the properties of My Computer:

a. On the desktop, right-click My Computer, and then click Properties.

b. On the Advanced tab, under Performance, click Settings.

c. In the Performance Options dialog box, on the Data Execution Prevention tab, click Turn on Dep for all programs and services except for those I select.

d. Click Add.

e. In the Open dialog box, go to the directory where the installation files are and locate the file bcc_installer_win.exe in the root of the ControlCenter folder. Click bcc_installer_win.exe, and then click Apply.

16. Report totals reset to 0 after upgrade.

Report totals on the Reports summary page are reset to 0 after an upgrade from one 6.0.x version to another. As new mail enters the system, the totals will increment as usual. (PR 14907)

17. Character set support.

The Control Center and Quarantine only support the ISO-Latin-1 character set. (PR 7425)

18. Recent Sun patch can cause bmserver not to load.

The loading of some recent Sun security patches for Solaris 8, 9, and 10 creates a situation in which the Brightmail Server fails on startup. (PR 16483 and 16578)

These patches are described in Sun Alert 101794, located at:

To solve this problem, please contact Sun Support.

Important Changes and Additions for Version 6.0.3

1. Documentation not updated.

The Symantec Brightmail AntiSpam Installation Guide and the Symantec Brightmail AntiSpam Administration Guide have not been updated for Version 6.0.3. Therefore, the new information
contained in this release note warrants particular attention.

2. Installation and upgrade.

Symantec recommends that you upgrade all of your Brightmail Scanners to Version 6.0.3 before you upgrade your Brightmail Control Center. You can upgrade from versions 6.0, 6.0.1, or 6.0.2. Upgrading
or migrating data from Version 5.5 or earlier is not supported. Use of the Settings > Migration page in the Brightmail Control Center is not supported. For complete installation documentation, see the
Symantec Brightmail AntiSpam Installation Guide.

3. Migrations and upgrades from Version 4.0 not possible.

You cannot migrate, upgrade or combine a Brightmail Solution Suite 4.0.x configuration with a Symantec Brightmail AntiSpam 6.0.x configuration. The configuration models are completely different.

4. Some Quarantine settings disabled upon install.

In order to enhance performance, the Installer will set the value of the following Quarantine settings to FALSE, for both new and upgrade installations:


Disabling these settings can dramatically improve Quarantine performance. To enable these settings, go to the Quarantine settings page in the Brightmail Control Center. (PR 15996)

5. Library required on Linux.

On Linux operating systems, Symantec Brightmail AntiSpam requires the library This library is typically found in /usr/X11R6/lib/ and is available as of the date of this
release note at:

6. Repeated installations on same machine not supported.

If you install Symantec Brightmail AntiSpam, you cannot install it again on the same machine unless you first uninstall it. (PR 16464)

7. New decomposer.

Symantec Brightmail AntiSpam Version 6.0.3 includes the Version Symantec decomposer, release 14b.

8. Latest signature rules.

Symantec Brightmail AntiSpam Version 6.0.3 makes use of the most advanced signature matching technology available, BrightSig3.

9. Solaris 10 supported.

Symantec Brightmail AntiSpam Version 6.0.3 supports Solaris versions 8, 9, and 10.

10. Symantec Spam Plug-in for Outlook clarifications and corrections.

Note the following Symantec Spam Plug-in for Outlook clarifications and corrections to the 6.0.2 version of all Symantec Brightmail AntiSpam documentation. (PR 14976)

a. All configuration options must be on the same line.
b. The variable name "ALLOWED CONTACTS" is incorrect.
The correct variable name is "ALLOW_CONTACTS".
c. The variable name "DISPLAY_ARE_YOU_SURE_MSGS" is incorrect.
The correct variable name is "DISPLAY_ARE_YOU_SURE_MSG".

The AUT_-AD_-BLOCKED variable can have any one of the following three values: 0; 1; 2. To disable this setting, give it a value of 2.

11. Symantec Spam Plug-in for Outlook toolbar does not appear.

If you are upgrading from a previous version of the Symantec Spam Plug-in for Outlook, or have uninstalled and reinstalled the Outlook Plug-in and the toolbar does not appear when Outlook is opened,
do the following:

-- Open Windows Explorer.
-- Browse to the Extend.dat file, right-click it, and delete it.

The default location for the Extend.dat file is:
Windows 98
C:\Windows\Local Settings\Application Data\Microsoft\Outlook
Windows NT 4.0
%Userprofile%\Application Data\Microsoft\Outlook
Windows 2000/XP
%Userprofile%\Local Settings\Application Data\Microsoft\Outlook

(PR 14976)

12. Optional function call in SDK.

An optional function call has been added to the Symantec Brightmail AntiSpam SDK, bmiRequestID. This call returns the dotted decimal IP address of the connected Brightmail Server. (PR 14908)

13. LDAP checking for invalid recipients enabled in admin-only mode.

Previously, when used in admin-only mode, Quarantine would not attempt to delete messages with unresolved recipients, even if the Delete messages sent to unresolved email addresses checkbox was checked. Now, if you have configured an LDAP authentication source, and the checkbox is checked, Quarantine will perform lookups and attempt to resolve recipients, and will delete messages for unresolved recipients. (PRs 14779, 15724)

14. LDAP authentication caching enabled by default.

LDAP authentication caching has been enabled by default. This represents a performance improvement. (PR 15726)

15. Query cache enabled in MySQL by default.

Query caching has been enabled by default in MySQL. This represents a performance improvement. (PR 14879)

Patch release notes

The following patches have been applied since the last update to the documentation for Symantec Brightmail AntiSpam Version 6.0.

Patch 148
PR #: 14423
Component: Spamhunter
Summary: Split URL schema hides URL

Previously, Spamhunter's decomposer detected URLs by finding one of a fixed set of prefixes. If the prefix was split by whitespace, the URL beginning was not detected. This patch
resolves this issue.

Patch 149
PR #: 14100
Component: Sieve module
Synopsis: Heavily nested MIME message ties up service thread

Previously, processing a heavily nested MIME message could cause all CPU resources to be consumed. Patch 149 provides a cutoff limit to the parse depth for a given message. This limit
is twice the value set for the AntiVirus Maximum Scan Depth. If the maximum number of mime parts is exceeded, the Sieve module will treat the message as a standard RFC2822 message.

Patch 151
Pr #: 14375
Component: Spamhunter
Synopsis: language rules not firing on subjects or mixed language messages

Previously, language-specific AntiSpam rules were not firing on subjects or bodies of some messages with more than one identified language. This issue has been resolved.

Patch 153
PR #: 14924
Component: bmserver
Synopsis: Engine appears to freeze while writing stats

Formerly, writing statistics out while processing messages with very large numbers of recipients was taking too long due to non-optimized string-related calculations.
This has been resolved.

Patch 155
PR #: 10457
Component: Conduit and AntiVirus
Synopsis: AntiVirus Cleaner exits when loading corrupt ruleset. Never restarts.

Formerly, the AntiVirus Cleaner would exit and not restart when given a corrupt ruleset. The rulesets are now tested by the Conduit before being loaded, and will not be loaded
if they fail.

Patch 156
PR #: 15111
Component: Quarantine
Synopsis: Quarantine LDAP address resolution does not escape wildcards.

Formerly, when Quarantine tried to verify recipient addresses against an LDAP directory, wildcard characters in the recipient address were not escaped but instead passed in the LDAP
query. This increased the load on the LDAP server as it searched, not for an exact match to the recipient address, but for all records that matched the wildcard expansion. This has been
resolved; the following reserved characters are now escaped when performing email address resolution: [space], \, *, (, ).

Patch 157
PR #: 8070 and 15481
Component: AV
Synopsis: AntiVirus Scanner and AntiVirus Cleaner Timeouts.

Formerly, certain messages could cause the AV Scanner and AV Cleaner to process messages for an extended period of time. This has been resolved in the following manner:

8070:When scanning or cleaning messages, the modules will timeout if processing time has exceeded a defined timeout value.

If the timeout occurs during AV cleaning, the cleaner will revert the message back to its original form (discarding any cleaning that has happened so far on the message) and deliver it with a notification
that the message could not be cleaned.

15481: Formerly, when processing a winmail.dat object embedded in a MIME file within a particular message, the decomposer would crash. This has been resolved with a new version of the decomposer.

Patch 160
NOTE: Patch 160 includes and supersedes patches 151 and 148.
PR #: 15915
Component: Spamhunter
Synopsis: Messages containing URLs with certain characteristics are not detected as extractable URLs

Formerly, URLs with certain characteristics were not detected as extractable URLs, causing active URL filters not to fire on them. This has been resolved. Now, such URLs are detected properly.

Patch 161
NOTE: Patch 161 includes and supersedes patches 151, 148, and 160.
PR #: 16234 and 16307
Component: Spamhunter
Synopsis: crash in Spamhunter on specific message
16234: Previously, a problem in MIME parsing was leading to an error in handling certain message attachments. This has been resolved.

Copyright © 2005 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, Brightmail, and Symantec Brightmail AntiSpam are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The Licensed Software and Documentation are deemed to be “commercial computer software” and “commercial computer software documentation” as defined in FAR Sections 12.212 and DFARS Section 227.7202.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices