Email Gateway 7.6.x Known Issues
Technical Articles ID:   KB78950
Last Modified:  6/20/2017


Environment

McAfee Email Gateway (MEG) 7.6.x

Summary

This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release, or if additional information becomes available. To read the Release Notes, see:
 
Release Notes Version RTW
PD27128 Email Gateway 7.6.406 June 19, 2017
PD26886 Email Gateway Hotfix 7.6.405h1165239 February 02, 2017
NOTE: This Hotfix can be applied only to appliances running 7.6.405 and supersedes Hotfix 7.6.405h1157986, which was Released To Support (RTS) only and not publicly available.
PD26714 Email Gateway 7.6.405 October 03, 2016
PD26447 Email Gateway 7.6.404 March 30, 2016
PD26333 Email Gateway 7.6.403 January 28, 2016
PD26050 Email Gateway 7.6.400.1 July 23, 2015
PD25949 Email Gateway 7.6.4 May 14, 2015
PD25680 Email Gateway 7.6.3.2 January 15, 2015
PD25648 Email Gateway 7.6.3.1 December 19, 2014
PD25527 Email Gateway 7.6.3 October 31, 2014
PD25192 Email Gateway 7.6.2 June 26, 2014
PD24844 Email Gateway 7.6.1 November 26, 2013
PD24701 Email Gateway 7.6 September 27, 2013


Known Issues
NOTE: Any future product functionality or releases mentioned in the Knowledge Base are intended to outline our general product direction and should not be relied on, either as a commitment, or when making a purchasing decision.

CRITICAL: There are no critical issues at this time.

Non-critical:
Reference Number Related Article Issue Description
1168289   Issue: You enable the option "Or if the recipient does not satisfy the query" and select the Reject action (under Email, Email Configuration, Receiving Email, Recipient Authentication, Recipient checks). When MEG receives the RCPT TO command twice for a recipient who does not exist in the LDAP server, MEG replies "550 Denied by policy" to the first RCPT TO command, but replies "250 OK" to the second.

Solution: This issue is addressed in MEG 7.6.406.
1158096   Issue: When you click a Spam Settings exception, the Spam Terms are reset to the Default settings.

Solution: This issue is addressed in Hotfix 7.6.405h1165239.
1157548   Issue: The appliance incorrectly blocks messages with the reason: blocked:informational.

Solution: This issue is addressed in Hotfix 7.6.405h1165239.
1159827 SB10178 Issue: The following vulnerabilities have been reported against the MEG appliance:
  • CVE-2015-8325: The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8325
     
  • CVE-2016-0777: The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0777
     
  • CVE-2015-6563: The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6563

Solution: Hotfix 7.6.405h1165239 updates the appliance to address these vulnerabilities. See the Related Article for further information.
1165117 SB10177 Issue: Vulnerability CVE-2016-5195 has been reported against the kernel used in MEG 7.6.x.
Solution:  Hotfix 7.6.405h1165239 updates the appliance kernel to address this vulnerability. See the Related Article for further information. 
1164309   Issue: A mail body that contains URLs is padded if Click Protect and a second AV scanner are enabled.

Solution: This issue is addressed in Hotfix 7.6.405h1165239.
1161971   Issue: After you install 7.6.405, SSL negotiation with McAfee Quarantine Manager (MQM) uses TLS version 1.0. When MEG connects to the MQM using HTTPS, it negotiates at TLS v1.0.

Solution: This issue is addressed in Hotfix 7.6.405h1165239.

Workaround: Use plain HTTP communication or re-enable TLS 1.0 on the MQM server.
1164406   Issue: After you install 7.6.405, scanner nodes in a cluster do not use their configured DNS servers. Consequently, you see updates fail on that node.

Solution: This issue is addressed in Hotfix 7.6.405h1165239.

Workaround: Available by remote session.
1140807   Issue: MEG incorrectly detects a specifically formatted .docx document as corrupt, and then blocks the host email.

Solution: Fixed in Hotfix 7.6.405h1157986.
1144078   Issue: MEG incorrectly detects a specifically formatted PDF as corrupt content.

Solution: Fixed in Hotfix 7.6.405h1157986.
1133867   Issue: Multiple segmentation faults are seen on the ws_inv-smtp process:
    ws_inv-smtp[32524]: segv received with 36 frames, errno 0 tid 32547
    ws_inv-smtp[14901]: segv received with 33 frames, errno 0 tid 21015
    ws_inv-smtp[14901]: segv frame 1 : /lib64/libpthread.so.0(+0xf7e0) [0x7fe3299817e0]


Solution: Fixed in Hotfix 7.6.405h1157986.
1138950
1138957
  Issue: A segmentation fault is seen on the ws_inv-smtp process:
    May 24 11:27:08 mx00 ws_inv-smtp[4840]: segv received with 36 frames, errno 0 tid 4934.

Solution: Fixed in Hotfix 7.6.405h1157986.
1140436   Issue: A segmentation fault is seen when scanning a specifically formatted Microsoft .docx file.

Solution: Fixed in Hotfix 7.6.405h1157986.
1140749   Issue: MEG 7.6.x suffers a segmentation fault error while scanning a specifically formatted .zip file.

Solution: Fixed in Hotfix 7.6.405h1157986.
1140958   Issue: A specifically formatted .docx document is incorrectly detected as corrupt content and is blocked.

Solution: Fixed in Hotfix 7.6.405h1157986.
1142953   Issue: McAfee, Inc. replaced with Intel Corporation in customer-facing copyright notices.

Solution: Fixed in Hotfix 7.6.405h1157986.
1144205   Issue: Emails are incorrectly marked as Unscannable Content.

Solution: Fixed in Hotfix 7.6.405h1157986.
1144346   Issue: Messages with a specifically formatted PDF attached are improperly blocked as corrupt content.

Solution: Fixed in Hotfix 7.6.405h1157986.
1146147   Issue: Specifically formatted Microsoft Office documents cause a SEGV error, are marked as unscannable, and are then incorrectly blocked.

Solution: Fixed in Hotfix 7.6.405h1157986.
1146361   Issue: Mailprotect incorrectly triggers on an email attachment.

Solution: Fixed in Hotfix 7.6.405h1157986.
1149385   Issue: MEG returns a "550 Denied By policy - unscannable content" error when a specifically formatted .docx file is attached to an email.

Solution: Fixed in Hotfix 7.6.405h1157986.
1150356   Issue: MEG 7.6.x suffers a segmentation fault error while scanning a specifically formatted RTF file, and the mail then incorrectly triggers mailprotect.

Solution: Fixed in Hotfix 7.6.405h1157986.
1156026   Issue: MEG 7.6.x suffers a segmentation fault error while scanning a specifically formatted .xlsx file, and the mail then incorrectly triggers mailprotect.

Solution: Fixed in Hotfix 7.6.405h1157986.
1154435   Issue: MEG 7.6.x suffers a segmentation fault error when scanning a specifically formatted .xlsx file:
    segv received with 36 frames, errno 2 tid 7350

Solution: Fixed in Hotfix 7.6.405h1157986.
1140741   Issue: MEG 7.6.x suffers a SEGV error while scanning a specifically formatted .zip file.

Solution: Fixed in Hotfix 7.6.405h1157986.
1151933   Issue: In hybrid mode the conversation logs are incorrectly appended to the previous transaction when multiple mails are sent in a single connection.

Solution: Fixed in Hotfix 7.6.405h1157986.
1154152   Issue: MEG 7.6.x suffers a SEGV error when it scans a specifically formatted Microsoft Excel (.xls) file: 
    segv received with 36 frames, errno 2 tid 7350
    segv frame 1 : /lib64/libpthread.so.0(+0xf7e0) [0x7f4dff6c37e0]
    segv frame 2 : /opt/NETAeSCM/v4/lib/kvolefio.so(hSwitchFromOLE+0x18) [0x7f4decbeafb8]


Solution: Fixed in Hotfix 7.6.405h1157986.
1133855   Issue: MEG 7.6.x suffers SEGV errors when it scans specifically formatted Microsoft Office files (.docx, .xls and .xlsx). You see various errors depending on the file, similar to the following:
    ws_inv-smtp[14901]: segv received with 33 frames, errno 0 tid 21015
    ws_inv-smtp[14901]: segv frame 1 : /lib64/libpthread.so.0(+0xf7e0) [0x7fe3299817e0]


Solution: Fixed in Hotfix 7.6.405h1157986.
1146187   Issue: MEG 7.6.x scans specifically formatted attachments incorrectly and triggers a mailprotect detection.

Solution: Fixed in Hotfix 7.6.405h1157986.
1144202   Issue: The MEG Unscannable Content Detection feature is incorrectly triggered when scanning certain specifically formatted Microsoft Project, Word and Visio files.

Solution: Fixed in Hotfix 7.6.405h1157986.
1150052   Issue: When MEG 7.6.x scans a specifically formatted RTF file, you see a failure in the content scanning engine of MEG, causing the message containing the RTF file to be delayed.

Solution: Fixed in Hotfix 7.6.405h1157986.
  KB79266 Issue: Changes in statistics counters and event reason codes in MEG 7.6.4

Workaround: Documented in related article.
    Issue: Messages destined for remote quarantine are stored by the MEG for longer than the quarantine clean up period (default 14 days).

Resolution: This is expected behavior. MEG does not delete messages destined for remote quarantine except upon successful delivery of the message.

Workaround: To clear the messages from the MEG appliance, either delete them manually via Message Search or reconnect MEG to Quarantine Manager (MQM) and let the messages flow from the appliance to MQM for remote quarantine.
911329   Issue: In an IPv6 environment, ePO uses IPv4 for performing tasks such as pushing policy and DAT updates (and updates fail totally on a single-stack IPv6 ePO server).
849599   Issue: Installing multiple patches by autoupdate fails on scanning blades.
907151   Issue: Policy exception hit is not shown on the conversation log for spam mail with compliance exception.
909609   Issue: Dashboard reports the bond interface state as Healthy even when constituent NIC is down (Resilient Blade).
909292   Issue: PGSQL Errors are listed in the Cluster Master messages log when connecting to the Cluster Scanner management console.
1021636   Issue: On MEG 7.6.4, when Authentication events are enabled, the appliance always logs the LAN1 IP address in syslog irrespective of the actual interface to which a client is connected over SSH.
1051130   Issue: On MEG 7.6.4, when attachment checksum calculation is enabled and a limit is configured for the number of checksums to be calculated, if the limit is reached while scanning files within an archive, the checksum for the top-level archive will not be computed.
1051426   Issue: On MEG 7.6.4, when attachment checksum calculation is enabled, Technical Support recommends that the "enable identification of file formats" option is also enabled, to ensure that conversation logs always display the file format correctly.
1067599   Issue: When an ePO-managed appliance is upgraded or re-imaged, it shows up as a new appliance under the ePO extension's Registered Appliances.

Workaround: The old instance of the appliance will show up as not connected and can be safely deleted. This means that Set Credentials will need to be actioned for the new appliance.
1047866   Issue: Certain warning messages are listed in the Hyper-V host event logs citing version mismatch and unsupported configuration.
For example, Hyper-V Volume Shadow Copy Requestor failed to connect

Resolution: These warnings can safely be ignored, and Microsoft will provide any requisite technical support even if these warnings are logged in the system.
See page 14 of the Linux Integration Services 3.5 for Hyper-V Readme: 
http://download.microsoft.com/download/0/8/E/08EE288C-B81E-425A-85D1-67EA7155AB7E/Linux%20Integration%20Services%20v35.pdf
1076159   Issue: When you upgrade the EWG help extension on ePO, you see an error similar to Cannot upgrade extension ewg_help to version 2.4.0.010 because version 230.007 is already installed.

Workaround: Uninstall the previous version of the EWG help extension before installing the latest one.
 
