Release notes for Symantec Scan Engine 5.2
|Article:TECH89283|||||Created: 2008-01-03|||||Updated: 2012-10-09|||||Article URL http://www.symantec.com/docs/TECH89283|
This document contains the release notes for Symantec Scan Engine 5.2 in-line releases. For Symantec Protection Engine 7.x (SPE7.x), find the links at the bottom of this document.
Symantec Scan Engine 5.2.14
Symptom: The word Antivirus is denoted as 'AntiVirus' in Configuration-Protocol-RPC.
Symptom: Java CLS: Clobber option gives an error unless immediately followed by the -b or "verbose" option
Symptom: Java CLS: "server" wrongly spelt as "serever" and missing colon in the Java CLS help
Symptom: Email with Encrypted container, when scanned with "Delete encrypted containers" unchecked shows improper notification in MIME
Symptom: LU not performed based on the LU basetime in liveupdate.xml as described in Impl Guide pp.225, "Changing the LiveUpdate base time"
Symptom: After upgrade to 5.2.8 the Upgrade_v18.104.22.168 folder contains improper text in versions file
Symptom: ssecls.exe should have the option to display its version
Symptom: Enhancement Request for when SSE runs out of disk space while writing to temp
Symptom: SSE5.2.10 fails in LiveUpdate if the locale is ja_JP
Symptom: Any file with the string "%PDF-" in the first 1024 bytes will trigger a 'malformed container' scan error
Symptom: SSE 5.2.14 should provide support for JRE 1.7
Symptom: SSE 5.1 scanners are randomly restarting/crashing
Symptom: HTML Post data triggered Malformed Container verdict
Symptom: Handle "ID_MALFORMITY_EXTENSION_MISMATCH" malformity in SSE
Symptom: "Change Password" link on Home Page is Not Required on SSE UI, when using AD Authentication Mode
Symptom: Upgrading form 5.2.13 does not show options for upgrade type
Symantec Scan Engine 5.2.13
Symptom: Files above FileSizeScanThreshold are being copied locally, forcing an abort timeout on the Filer.
Symptom: High memory usage by the Linux Rapid Release script for Symantec Scan Engine 5.2.
Symptom: Issue with getting the correct items by ScanResultGetProblem API when including CR+LF control character in the file name.
Symptom: The extra OPTIONS request is getting executed every time while scanning a file with SSE.
Symptom: The Command Line Scanner will report infected file deleted, even when it fails to delete the infected file.
Symptom: Enhancement - Decomposer and Generic errors/events should be forwarded to SSIM.
Symptom: Enhancement - JRE 5.0 installer is removed from the ISO package (End of support)
Symptom: The "log bind address" field does not apply to SNMP traps.
Symptom: Enhancement - category3 "FileSizeScanThreshold" parameter is moved to category2.
Solution: Fixed. The value /filtering/FileAttribute/FileSizeScanThreshold is in the filtering.xml file.
Symptom: Enhancement - category3 "FilerPerformanceThreshold" parameter is moved to category2.
Symptom: Java Command Line Scanner (CLS) produces an error when scanning large files (~1GB) and Scan Engine is installed on RHEL 5.6.
Symptom: The 64-bit SSE C command line scanner for Linux causes "double free or corruption (!prev)" error.
Symptom: Typo in the symcscan.mib file.
Symptom: ScanClientStreamStart API has a memory leak.
Symptom: All SSE Binaries including (exe, dll and jar) that goes into the ISO/ZIP package needs to be signed.
Symptom: Graceful shutdown always fails after SSE build 5.2.10.
Symptom: Scan Engine hangs when 1,000 messages/second are send to SSE.
Symptom: Java API is modifing the filepath to scan if the path has a path structure different than that of the local OS.
Symptom: Sometimes SSE 5.2.11 cannot detect the Eicar test virus.
Symptom: Java LogFileConverter's log code mapping system is not fully updated.
Symptom: Enhancement - Latest ssecls.exe in 5.2.13.x package as well as in the Installer.
Symptom: Enhancement - Include Latest ssecls.jar in 5.2.13.x package as well as in the Installer.
Symptom: Sometimes client IP address field and the field before it are missing in a log file.
Symptom: Integrate AD Authentication feature to SSE 5.2.13
Symantec Scan Engine 5.2.11
Symptom: SSE logon account is not passed on during an upgrade, during an upgrade the SSE logon account gets set back to Local System.
Symptom: Scanning a file that contains a vertical bar in its filename produces garbled log.
Symptom: Scan Engine runs into issues while scanning web pages that contain a pipe character.
Symptom: Command Line Scanner, ssecls.exe, on Windows reports scan error when the filepath contains double byte characters.
Symptom: When installing Scan Engine on Solaris, SSE changes the current group for all directories under /opt/Symantec/.
Symptom: Scan Engine crashes when scanning a specific email containing the wrong field format.
Symptom: Scan Engine crashes in ICAP mode on Linux, when SSE processes multiple scan requests for PDF files containing attachments.
Symptom: CPU reaches 100% when scanning a specific Macintosh PPT file, which leads to SSE crashing.
Symptom: A foreign character/double byte character in a log entry causes the log file Export feature in the Scan Engine GUI to fail.
Symptom: DELETE0.txt is not getting created in single part mime when policy violation is of type "Delete By file name/file size".
Symptom: Eicar.txt is not getting replaced with DELETE0.txt in case of SINGLE PART MIME.
Symptom: No heading white spaces/tabs before "format" and "charset" lines shows garbled notification.
Symptom: "Insert notification in empty body of MIME containers feature" should give a facility to specify the character set of newly created body section.
Symptom: SSE should provide a notification text for MIME container when cleaned/repaired by SSE.
Solution: Added category-3 parameter EmptyBodyMIMEStandardHandling. If value is true, SSE works in legacy way by creating Custom body if false, enhanced handling of mime containers takes place.
Symptom: A virus file when deleted by SSE should get replaced by a DELETEDX.txt file along with notificaton text inside.
Symptom: "DELETEDX.txt" replacement files created inside MIME containers should have Content type "text/plain.
Symptom: "Content-type" field values are incorrect when CSAPI replaces infected file with DeletedX.txt replacement file.
Symptom: The .dat files, located in /opt/SYMCScan/log, has the number of columns and number of corresponding titles not match.
Symptom: MaxExtractSize parameter.
User Interface: A tool tip specifying that tar, rar and zip container can be extracted upto 30719 MB and 1907 MB for other container types.
Symptom: Power Point file causes Decomposer 17 Error when scanned by Scan Engine 5.2.8.
- Avoid LogFileConverter error without UseUTF8Names enabled in category3.xml
- Retain the current setting of setup-iu during an upgrade. If shadow IU is enabled, leave it enabled during an upgrade.
- Allign MaxExtractSize with the actual CSAPI limit.
- Support for scanning of Multimedia Messaging Service (MMS) files.
- Native 64-bit C++ SDK on Windows 2008 R2
- Native 32-bit and 64 bit C++ SDK on Solaris 10 x86
- AMD Opteron hardware support
- Greater than 2 GB files support (Note: Only for tar, rar, and zip container types. Top-level tar, rar, and zip containers can be extracted up to 30719 MB, if each of the contained files is less than or equal to 1907MB. For all other containers/files, the limit stays 1907MB as before.)
- Support for new files types (zipx, mms and 7z)
New Platform Support added to 5.2.11:
- Windows 2008 R2 SP1
- Windows 2008 SP2 (32 bit and 64 bit)
- RHEL 5.5 (32-bit and 64 bit)
- RHEL 6.0 (32-bit and 64 bit)
New Compilers for C++ SDK:
- gcc 4.1.2 (RHEL 5.5 64.bit/RHEL 6.0 64-bit/SUSE 11 64-bit)
- gcc 3.4.3 (Solaris 10 x86 32-bit/Solaris 10 x86 64-bit)
Microsoft Visual Studio 9.0 (VC++):
- Windows 2008 R2 (64-bit)
- Windows 2008 (64-bit)
Symantec Scan Engine 22.214.171.124
Symptom: SNMP traps "agent-addr" is always reported as 255.255.255.255 instead of correct agent IP address.
Symptom: Customer reporting frequent ERROR_INPUT_STREAM_OPEN errors when using our API with Scan Engine.
Enhancements: Symantec Scan Engine 5.2.10 has improved on the URL filtering content that will be available. 5.2.10 will have an additional URL filtering category, CAIC, which will contain URLs for Child Abuse Image Content.
Notes: Starting with SSE 5.2.10, the DDR feature will no longer be available in Scan Engine.
Symantec Scan Engine 5.2.8
Symptom: SSE in RPC mode will crash if there are 6 or more IP addresses in the RPC client list.
Symptom: Cannot Add Local Categories when using Java 6 with SSE 5.2.5
Symptom: SSE5.2.5 cannot retain the UpdateMailBody value when upgraded from SAVSE4.3.x
Symptom: A specific sample triggers malformed container error
Symptom: Scan Engine Daemon issue: Unable to create dump file in root folder (/) when SSE is run under non-root user.
Solution: Fixed. Introduced an environment variable SSE_CRASH_LOG_DIR to accept directory location for creation of dump file.
Symptom: Scan engine does not process any request even if bombarded with 20 threads.
Support on new platforms:
Symantec Scan Engine 5.2.8 is now supported on the following Linux platforms in addition to the existing ones:
- SuSE Enterprise Linux 11 (32-bit)
- SuSE Enterprise Linux 11 (64-bit).
- Scan Engine now retains only one backup copy of definitions to be maintained for rollback. Previously, two backup copies were maintained.
- Scan Engine now integrates Java LiveUpdate version 3.6.
- Scan Engine now permits configuration of its associated Java Virtual Machine via an external file.
- Scan Engine now checks for any hung or stuck JavaLiveUpdate processes during startup.
- Scan Engine now has a hidden parameter that allows users to configure what characters are used for the "Insert notification in empty body of MIME containers feature".
Symantec Scan Engine 5.2.7
Symptom: During URL ICAP filtering, unexpected behavior is seen while parsing URL/Host field.
Symptom: DBCS file names are not correctly logged when file scanning is bypassed by FileSizeScanThreshold parameter.
Symantec Scan Engine 5.2.6
Symptom: Notification message cannot be inserted while scanning a virus-attached email that doesn't contain a message body.
Symptom: The entire LZH container file is removed as an infected file even if it contains virus file and normal clean files inside.
Symptom: The line feed code in deleted*.txt file is defined in LF, not CR+LF.
Symptom: Symantec Scan Engine crashes while querying file information for a file on the NetApp Filer that has a Modified Date earlier than 1970.
Symptom: Notification message cannot be inserted if Symantec Scan Engine is not installed in "root".
Symptom: Symantec Scan Engine 5.2 fails to apply any settings modified through the GUI when it runs as a non-root user on Linux.
Symptom: Symantec Scan Engine 5.2/5.1 fails to install when the installing user account contains "!" in its name.
Symptom: Extra "**N" string is inserted in the last part of deleted*.txt file.
Symptom: Symantec Scan Engine should enable PDF engine by default.
Symptom: The exclusion feature on the Command Line Scanner interprets any text to the right of the first '.' character as the extension, instead of searching for the last '.' character in the filename.
Symantec Scan Engine 5.2.5
Symptom: Notification message gets garbled for a Japanese email with infected ZIP container.
Symptom: Symantec Scan Engine support for ZIP with Unicode file names.
Symptom: Symantec Scan Engine support for WinZip's Enhanced Deflate compression algorithm.
Symptom: Certain .zip files cause Decomposer Error 40 when scanned with Symantec Scan Engine.
Symptom: Need Boolean configuration control variable to suppress the “Unknown Algorithm” errors to WARNING level.
Symptom: Symantec Scan Engine crashes on a specific message with RAR.
- Added Symantec Scan Engine support for JRE 1.6 family.
- Added Symantec Scan Engine support for SUSE Linux 10 (64-bit, English).
- Added Java Command Line scanner as a part of Symantec Scan Engine installable.
Symantec Scan Engine 5.2.4
Symptom: When in RPC mode, Symantec Scan Engine fails to delete the .tmp files that are created in the Temp directory for files that cause container limit violations.
Symptom: When in RPC mode, Symantec Scan Engine terminates the original scan request from the NetApp Filer if the scanned file is large and has a long file path.
Symptom: When using FILEMOD request, Symantec Scan Engine fails to delete the infected files that have file path longer than 255 bytes.
Support on New Platforms:
Symantec Scan Engine 5.2.4 is now supported on the following Windows Operating Systems in addition to the existing ones.
- Windows Server 2008 (32-bit)
- Windows Server 2008 (64-bit)
- Windows Server 2003 (64-bit)
Note: Symantec Scan Engine runs as a 32-bit process on 64-bit platforms.
Symantec Scan Engine 5.2.3
Symptom: The symcscan process consumes all CPU resources even without any processing.
Symptom: Symantec Scan Engine 5.2 has high CPU usage on Red Hat Linux Advanced Server 4 and Red Hat Enterprise Linux 5 even when it is not scanning any files.
Symptom: Symantec Scan Engine corrupts the notification message inside the email due to DBCS (Japanese, Turkish, German, etc.) file name.
Symptom: Enhancement requested for providing a signed .NET dll (symcsmsnetapi.dll) in the SDK.
Solution: The .NET SDK library is now digitally signed.
Symantec Scan Engine 5.2.2
Symptom: Enhancement request to change the backlog size.
Symptom: Symantec Scan Engine requests an incorrect path from the Filer when the path contains a filename with a double byte character "Ş".
Symptom: Enhancement request for a feature to insert custom alert message into original mail.
Solution: A category-3 parameter is introduced to get location of file containing customized notification message.
Symptom: Configure the location of alert message in Symantec Scan Engine so that it shows up at the top of the email.
Solution: A Boolean parameter "NotificationTextAtTop" is introduced in policy.xml file. Setting its value to “true” or “false” will place the notification text at the top or bottom of the email, respectively.
Symantec Scan Engine 5.2.1
Symptom: Symantec Scan Engine fails to scan files with certain foreign characters in the file name.
Symantec Scan Engine 5.2
"The rights and license to use granted to You by Symantec under the Symantec Software License Agreement for Symantec Scan Engine shall also apply to Your use of the software development kits ("SDKs") and source code files included as part of the Symantec Scan Engine software package. You may not use or copy the SDKs or source code files included with the Symantec Scan Engine package without a corresponding license to the Symantec Scan Engine software."
Third-Party Legal Notices
This Symantec product may contain third party software for which Symantec is required to provide attribution (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. This appendix contains proprietary notices for the Third Party Programs and the licenses for the Third Party Programs, where applicable.
Apache Xerces-J, Apache Xalan-J & Apache Batik
Apache Software Foundation
Portions of this program contain components from the Apache Software Foundation. These components are made available under the Apache License 2.0, a copy of which is provided herein.
Version 2.0, January 2004
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License.
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License.
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
You must give any other recipients of the Work or Derivative Works a copy of this License; and
You must cause any modified files to carry prominent notices stating that You changed the files; and
You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions.
Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty.
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
8. Limitation of Liability.
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
International Components for Unicode (ICU)
International Business Machines Corporation and others
IBM ICU International Business Machines Corporation Copyright (c) 1995-2006 International Business Machine Corporation and others All rights reserved.
ICU License - ICU 1.8.1 and later
COPYRIGHT AND PERMISSION NOTICE
Copyright (c) 1995-2006 International Business Machines Corporation and others
All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, provided that the above copyright notice(s) and this permission notice appear in all copies of the Software and that both the above copyright notice(s) and this permission notice appear in supporting documentation.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder.
Robert van Engelen, Genivia, Inc
gSOAP is copyrighted by Robert A. van Engelen, Genivia, Inc.
Copyright (C) 2000-2005 Robert A. van Engelen, Genivia, Inc.
All Rights Reserved.
All trademarks and registered trademarks mentioned herein are the property of their respective owners.
Symantec Scan Engine 126.96.36.199 (SSE 5.2.10-MP1)
Symptom: When upgrading to Symantec Scan Engine 5.2.10 using the silent install method, the upgrade fails.
Notes: Starting with SSE 5.2.10, the DDR feature will no longer be available in Scan Engine.
Symantec Scan Engine 5.2.11
Article URL http://www.symantec.com/docs/TECH89283