Email Gateway 7.6.x Known Issues
Technical Articles ID:
KB78950
Last Modified: 6/20/2017
Last Modified: 6/20/2017
Environment
McAfee Email Gateway (MEG) 7.6.x
Summary
This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release, or if additional information becomes available. To read the Release Notes, see:
| Release Notes | Version | RTW |
| PD27128 | Email Gateway 7.6.406 | June 19, 2017 |
| PD26886 | Email Gateway Hotfix 7.6.405h1165239 NOTE: This Hotfix can be applied only to appliances running 7.6.405 and supersedes Hotfix 7.6.405h1157986, which was Released To Support (RTS) only and not publicly available. |
February 02, 2017 |
| PD26714 | Email Gateway 7.6.405 | October 03, 2016 |
| PD26447 | Email Gateway 7.6.404 | March 30, 2016 |
| PD26333 | Email Gateway 7.6.403 | January 28, 2016 |
| PD26050 | Email Gateway 7.6.400.1 | July 23, 2015 |
| PD25949 | Email Gateway 7.6.4 | May 14, 2015 |
| PD25680 | Email Gateway 7.6.3.2 | January 15, 2015 |
| PD25648 | Email Gateway 7.6.3.1 | December 19, 2014 |
| PD25527 | Email Gateway 7.6.3 | October 31, 2014 |
| PD25192 | Email Gateway 7.6.2 | June 26, 2014 |
| PD24844 | Email Gateway 7.6.1 | November 26, 2013 |
| PD24701 | Email Gateway 7.6 | September 27, 2013 |
Known Issues
NOTE: Any future product functionality or releases mentioned in the Knowledge Base are intended to outline our general product direction and should not be relied on, either as a commitment, or when making a purchasing decision.
CRITICAL: There are no critical issues at this time.
Non-critical:
| Reference Number | Related Article | Issue Description |
| 1168289 | Issue: You enable Or if the recipient does not satisfy the query and select the Reject action (under Email, Email Configuration, Receiving Email, Recipient Authentication, Recipient checks). When MEG receives the RCPT TO command twice from a recipient who does not exist in the LDAP server, MEG replies 550 Denied by policy for the first RCPT TO command, but replies 250 OK for the second. Solution: This issue is addressed in MEG 7.6.406. |
|
| 1158096 | Issue: When you click a Spam Settings exception, the Spam Terms are reset to the Default settings. Solution: This issue is addressed in Hotfix 7.6.405h1165239. |
|
| 1157548 | Issue: The appliance incorrectly blocks messages with the reason: blocked:informational. Solution: This issue is addressed in Hotfix 7.6.405h1165239. |
|
| 1159827 | SB10178 | Issue: The following vulnerabilities have been reported against the MEG appliance:
Solution: Hotfix 7.6.405h1165239 updates the appliance to address this vulnerability. See the Related Article for further information. |
| 1165117 | SB10177 | Issue: Vulnerability CVE-2016-5195 has been reported against the kernel used in MEG 7.6.x. Solution: Hotfix 7.6.405h1165239 updates the appliance kernel to address this vulnerability. See the Related Article for further information. |
| 1158096 | Issue: When you click a Spam Settings exception, the Spam Terms are reset to Default settings. Solution: This issue is addressed in Hotfix 7.6.405h1165239. |
|
| 1164309 | Issue: A Mail body that features URLs will be padded if Click Protect and a second AV scanner are is enabled. Solution: This issue is addressed in Hotfix 7.6.405h1165239. |
|
| 1161971 | Issue: After you install 7.6.405, SSL negotiation with McAfee Quarantine Manager (MQM) uses TLS version 1.0. When MEG connects to the MQM using HTTPS, it negotiates at TLS v1.0. Solution: This issue is addressed in Hotfix 7.6.405h1165239. Workaround: Use plain HTTP communication or re-enable TLS 1.0 on the MQM server. |
|
| 1164406 | Issue: After you install 7.6.405, scanner nodes in a cluster do not use their configured DNS servers. Consequently, you see updates fail on that node. Solution: This issue is addressed in Hotfix 7.6.405h1165239. Workaround: Available by remote session. |
|
| 1140807 | Issue: MEG incorrectly detects a specifically formatted .docx document as corrupt, and then blocks the host email. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1144078 | Issue: MEG incorrectly detects a specifically formatted PDF as corrupt content. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1133867 | Issue: Multiple segmentation faults are seen on the ws_inv-smtp process: ws_inv-smtp[32524]: segv received with 36 frames, errno 0 tid 32547 ws_inv-smtp[14901]: segv received with 33 frames, errno 0 tid 21015 ws_inv-smtp[14901]: segv frame 1 : /lib64/libpthread.so.0(+0xf7e0) [0x7fe3299817e0] Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1138950 1138957 |
Issue: A segmentation fault is seen on the ws_inv-smtp process: May 24 11:27:08 mx00 ws_inv-smtp[4840]: segv received with 36 frames, errno 0 tid 4934. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1140436 | Issue: A segmentation fault is seen when scanning a specifically formatted Microsoft .docx file. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1140749 | Issue: MEG 7.6.x suffers a segmentation fault error while scanning a specifically formatted .zip file. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1140958 | Issue: Specifically formatted .docx document is incorrectly detected as corrupt content and is blocked. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1142953 | Issue: McAfee, Inc. replaced with Intel Corporation in customer-facing copyright notices. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1144205 | Issue: Emails are incorrectly marked as Unscannable Content. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1144346 | Issue: Messages with specifically formatted PDF attached are improperly blocked as corrupt content. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1146147 | Issue: Specifically formatted Microsoft Office documents cause a SEGV error, are marked as unscannable, and are then incorrectly blocked. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1146361 | Issue: Mailprotect incorrectly triggers on an email attachment. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1149385 | Issue: MEG returns 550 Denied By policy - unscannable content error when a specifically formatted .docx file is attached to an email. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1150356 | Issue: MEG 7.6.x suffers a segmentation fault error while scanning a specifically formatted RTF file, and the mail then incorrectly triggers mailprotect. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1156026 | Issue: MEG 7.6.x suffers a segmentation fault error while scanning a specifically formatted .xlsx file, and the mail then incorrectly triggers mailprotect. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1154435 | Issue: MEG 7.6.x suffers a segmentation fault error when scanning a specifically formatted .xlsx file: segv received with 36 frames, errno 2 tid 7350 Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1140741 | Issue: MEG 7.6.x suffers a SEGV error while scanning a specifically formatted .zip file. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1151933 | Issue: In hybrid mode the conversation logs are incorrectly appended to the previous transaction when multiple mails are sent in a single connection. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1154152 | Issue: MEG 7.6.x suffers a SEGV error when it scans a specifically formatted Microsoft Excel (.xls) file: segv received with 36 frames, errno 2 tid 7350 segv frame 1 : /lib64/libpthread.so.0(+0xf7e0) [0x7f4dff6c37e0] segv frame 2 : /opt/NETAeSCM/v4/lib/kvolefio.so(hSwitchFromOLE+0x18) [0x7f4decbeafb8] Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1133855 | Issue: MEG 7.6.x suffers SEGV errors when is scans specifically formatted Microsoft office files (.docx, .xls and .xlsx). You see various errors depending on the file, similar to the following: ws_inv-smtp[14901]: segv received with 33 frames, errno 0 tid 21015 ws_inv-smtp[14901]: segv frame 1 : /lib64/libpthread.so.0(+0xf7e0) [0x7fe3299817e0] Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1146187 | Issue: MEG 7.6.x scans specifically formatted attachments incorrectly and triggers a mailprotect detection. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1144202 | Issue: The MEG Unscannable Content Detection feature is incorrectly triggered when scanning certain specifically formatted Microsoft Project, Word and Visio files. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| 1150052 | Issue: When MEG 7.6.x scans a specifically formatted RTF file, you see a failure in the content scanning engine of MEG, causing the message containing the RTF file to be delayed. Solution: Fixed in Hotfix 7.6.405h1157986. |
|
| KB79266 | Issue: Changes in statistics counters and event reason codes in MEG 7.6.4 Workaround: Documented in related article. |
|
| Issue: Messages destined for remote quarantine are stored by the MEG for longer than the quarantine clean up period (default 14 days). Resolution: This is expected behavior. MEG does not delete messages destined for remote quarantine except upon successful delivery of the message. Workaround: To clear the messages from the MEG appliance, either delete them manually via Message Search or reconnect MEG to Quarantine Manager (MQM) and let the messages flow from the appliance to MQM for remote quarantine. |
||
| 911329 | Issue: In an IPv6 environment, ePO uses IPv4 for performing tasks such as pushing policy and DAT updates (and updates fail totally on a single-stack IPv6 ePO server). | |
| 849599 | Issue: Installing multiple patches by autoupdate fails on scanning blades. | |
| 907151 | Issue: Policy exception hit is not shown on the conversation log for spam mail with compliance exception. | |
| 909609 | Issue: Dashboard reports the bond interface state as Healthy even when constituent NIC is down (Resilient Blade). | |
| 909292 | Issue: PGSQL Errors are listed in the Cluster Master messages log when connecting to the Cluster Scanner management console. | |
| 1021636 | Issue: On MEG 7.6.4, when Authentication events are enabled, the appliance always logs the LAN1 IP address in syslog irrespective of the actual interface to which a client is connected over SSH. | |
| 1051130 | Issue: On MEG 7.6.4, when attachment checksum calculation is enabled and a limit is configured for the number of checksums to be calculated, if the limit is reached while scanning files within an archive, the checksum for the top-level archive will not be computed. | |
| 1051426 | Issue: On MEG 7.6.4, when attachment checksum calculation is enabled, Technical Support recommends that enable identification of file formats option is also enabled, to ensure that conversation logs always display the file format correctly. | |
| 1067599 | Issue: When an ePO-managed appliance is upgraded or re-imaged, it shows up as a new appliance under the ePO extension's Registered Appliances. Workaround: The old instance of the appliance will show up as not connected and can be safely deleted. This means that Set Credentials will need to be actioned for the new appliance. |
|
| 1047866 | Issue: Certain warning messages are listed in the Hyper-V host event logs citing version mismatch and unsupported configuration. For example, Hyper-V Volume Shadow Copy Requestor failed to connect. Resolution: These warnings can safely be ignored, and Microsoft will provide any requisite technical support even if these warnings are logged in the system. See page 14 of the Linux Integration Services 3.5 for Hyper-V Readme: http://download.microsoft.com/download/0/8/E/08EE288C-B81E-425A-85D1-67EA7155AB7E/Linux%20Integration%20Services%20v35.pdf |
|
| 1076159 | Issue: When you upgrade the EWG help extension on ePO, you see an error similar to Cannot upgrade extension ewg_help to version 2.4.0.010 because version 230.007 is already installed. Workaround: Uninstall the previous version of the EWG help extension before installing the latest one. |
