               Release Notes for
             McAfee WebShield E50
                    HotFix 3
              
 (c) 1998-2002 Networks Associates Technology,
          Inc. All Rights Reserved

===============================================

HotFix Release:               May 21st, 2002

This HotFix was developed and tested with:

WebShield SMTP:	 E50
DAT Version:	 4202
Engine Version:	 4160


Make sure you have installed these versions or
newer before using this HotFix.

===============================================


Thank you for using McAfee WebShield SMTP 
software. This file contains important 
information regarding this release. We strongly
recommend that you read the entire document.

The attached files are provided as is, and with
no warranty either expressed or implied as to
their suitability for any particular use or
purpose. Network Associates, Inc. assumes no
liability for damages incurred either directly
or indirectly as a result of the use of these
files, including but not limited to the loss or
damage of data or systems, loss of business or
revenue, or incidental damages arising from
their use. HotFix files should be applied only
on the advice of McAfee Technical Support, and
only when you are actually experiencing the
issue being addressed by the HotFix. HotFix
files should not be proactively applied in
order to prevent potential product issues. You
are responsible for reading and following all
instructions for preparation, configuration,
and installation of HotFix files. HotFix files
are not a substitute nor replacement for
product Service Packs which may be released by
Network Associates, Inc. It is a violation of
your software license agreement to distribute
or share these files with any other person or
entity without written permission from Network
Associates, Inc. Further, posting of McAfee
HotFix files to publicly available Internet
sites is prohibited. Network Associates, Inc.
reserves the right to refuse distribution of
HotFix files to any company or person guilty of
unlawful distribution of McAfee software
products. Questions or issues with McAfee
HotFix files should be directed to McAfee
Technical Support.

_______________________________________________
WHAT'S IN THIS FILE

-  About This HotFix
   -  Purpose
   -  Known Issues	
   -  Resolved Issues
   -  Files Included with This HotFix
-  Installation
   -  Installation Requirements
   -  Installation Steps
   -  Testing Your Installation 
   -  Removing This HotFix 
-  Contacting McAfee and Network Associates
-  Copyright and Trademark Attributions
   -  Trademarks
   -  License Agreement

_______________________________________________
ABOUT THIS HOTFIX


PURPOSE

This HotFix includes one updated archive file
for use with McAfee WebShield E50 software.
This new file resolves the issues described in
the section "RESOLVED ISSUES".

Previous HotFixes do not need to be installed
before you install this HotFix. This HotFix 
replaces all previous McAfee WebShield E50
HotFixes. 

New issues resolved by this HotFix, 

Items 53-62

KNOWN ISSUES

1. Defect number AYL00018619

   WebShield e50 and SMTP MR1a are both 
   vulnerable to TCP sequence prediction.

   To resolve this issue please download and 
   apply the Microsoft Windows SP6a Security 
   Rollup Package (SRP) from the following 
   website.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q243835


2. Defect number AYL00018787

   If a desktop Antivirus scanner is installed 
   please ensure the \WebShield SMTP\Temp 
   directory is exluded from On Access scanning.

3. Defect number AYL00017121

   If a Dr Watson occurs when attempting to
   create a new Outbreak Manager Rule. In 
   HotFix 4 a WSSMTPOb.ini file was shipped
   with a hard coded [PlugIn] reference to 
   WSSMTPOB.DLL.
   
   D:\TVD\WebShield SMTP\WSSMTPOB.DLL
   
   Please change the Plugin section of the 
   ini file to point to the corect instalation 
   path location. This is by default:

C:\Program Files\Network Associates\TVD\Webshield SMTP

4. Defect number AYL00020321

   Under all previous versions of WebShield 
   an e-mail with an invalid boundary marker
   may have been treated as OK if the boundary 
   statement could not be decoded. Under 
   HotFix 2 this behavior is changed to 
   identify the e-mail as corrupt and is 
   logged as "not scanned" and treated
   according to the GUI settings for corrupted 
   e-mail. See also RESOLVED ISSUE 53.

5. Defect Number AYL00020321

   Under all previous versions of WebShield 
   an e-mail with non RFC compliant sections
   would be passed, after HotFix 2 or later
   this behavior is changed to identify the 
   e-mail as corrupt and is logged as 
   "not scanned" and treated according to 
   the GUI settings for corrupted 
   e-mail. See also CORRUPT.RTF.

6. Defect Number AYL00020765

   If an-email is received from a machine 
   that can't be resolved via a reverse DNS
   lookup then the IP address is logged as 
   0.0.0.0. The functions of Webshield that
   use the IP address for blocking or 
   Anti-Spam prtection are unaffected, only
   the logging of the address is incorrect.
 
RESOLVED ISSUES

1.  This HotFix resolves an issue with the
    WebShield E50 deferral cycle. WebShield
    E50 uses the time (UTC) in UNIX time 
    format as part of the file name for the 
    mail. UTC time recently changed to a ten
    digit number. When the WebShield E50 
    deferral cycle happened, only the nine 
    MSB (Most Significant Bytes) were being
    read.

2.  This HotFix resolves an issue with 
    Uuencoded mail. The Uuencoded mail handler 
    has been reworked to detect and report 
    multiple infections.

3.  This HotFix adds a new feature where the
    WebShield SMTP software can now produce an
    alert when an SMTP error 421 occurs (This
    is optional).

4.  This HotFix resolves a shutdown issue seen
    with shutdown requests. Mailscan now shuts
    down correctly under load. A five minute
    timeout has been added.

5.  This HotFix resolves an issue seen with the
    SMTP connection test (HELO). This test now
    accepts multiple responses.

6.  This HotFix adds functionality to content
    filter attachment names inside MS-TNEF 
    encoded mail messages.

7.  This HotFix resolves an issue with cleaning
    MIME encoded messages that do not contain
    the usual MIME disclaimer message for non
    MIME compliant mail programs.

8.  This HotFix resolves an issue with the use
    of user variables (e.g. %VIRUSNAME%) in
    sender notification messages.

9.  This HotFix resolves an issue with
    attempting to use a quarantine directory
    with more than 83 characters in the
    quarantine path.

10. This HotFix resolves an issue with the 
    ALT + B keys highlighting the phrase 
    "Between 2,000 and 10,000 e-mail messages
    per hour" and not the radio button.

11. This HotFix resolves an issue with a Dr.
    Watson error occurring when adding more 
    than 64 content filters.

12. This HotFix resolves an issue with the
    WebShield SMTP E50 configuration wizard
    allowing non-numeric port information to be
    entered.

13. This HotFix resolves an issue with the 
    CTRL + O, CRTL + A and F1 keys not 
    correctly displaying the help pages.

14. This HotFix resolves an issue with the 
    scanning of email, and with delivery of 
    email stopping when insufficient disk
    space was available.

15. This HotFix resolves an issue with
    Outbreak Manager (OBM) repeatedly writing
    Events into the event log when the OBM 
    feature is not installed.

16. This HotFix resolves an issue with
    the reporting of items that were infected
    more than once. The scanner now reports the
    correct actions for each infection.

17. This HotFix resolves an issue with 
    wildcard usage with Anti-Spam domains. You
    can now use supported wildcards with the
    Anti-Spam feature of WebShield SMTP.

18. This HotFix adds new functionality to
    WebShield SMTP E50. A registry value named
    BannerText is now recognized. This allows
    WebShield to offer a customizable 
    connection banner of up to 506 
    characters (512 character buffer less the 
    initial "220" and "CRLF"). 
    In order to use this new functionality you 
    will need to create a new string value 
    called "BannerText" in the following 
    location:  

    HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\WebShield SMTP\MailScan\

19. This HotFix resolves an issue with SMTP
    error codes not being handled correctly.
    This resulted in mail being deferred rather
    than an alternative delivery method being
    attempted.

20. This HotFix resolves an issue with the 
    Mail Transport Logging feature not 
    properly recording all failures.

21. This HotFix resolves an issue with large
    numbers of messages in the IN/OUT and
    DEFERRED folders causing MAILSCAN.EXE to
    consume all available CPU cycles.

22. This HotFix resolves an issue with the 
    number of characters allowed in the Rcp. 
    When the Rcp. line exceeded 400 characters
    the Mailscan service failed. 

23. This HotFix resolves an issue with the
    handling of s/mime attachments which were
    being treated as corrupt.

24. This HotFix resolves an issue with the
    order of direct-send domains. If a 
    sub-domain was listed before the parent 
    domain then direct-send would ignore the 
    parent domain.

25. This HotFix resolves an issue when content 
    scanning certain mail formats. Content 
    filters were not reacting to attachments in
    a particular mail format. If that mail 
    format is detected with an attachment a 
    more thorough check is performed. 

26. This HotFix resolves an issue with the
    handling of SMTP 5xx error codes. In this 
    HotFix, if a 5xx error code is received the 
    "all other domains" relay will not be used. 
    If configured, DNS will be attempted. If 
    the mail remains undelivered, it will be 
    deferred on any 4xx, 551 or 554 error code
    received or if the mail server cannot be 
    contacted, otherwise it will be returned to 
    the sender.

27. This HotFix resolves an issue with the
    IP address logging of detected SPAM. The IP 
    address is now reported correctly.

28. This HotFix resolves an issue with direct
    send mail delivery. A mail servers hostname 
    that begins with a number will now be resolved
    correctly.

29. This HotFix resolves an issue with encoded
    subject lines and attachment names. Mailscan
    now decodes these lines correctly prior to 
    content filtering.

30. This HotFix resolves an issue with Fully
    Qualified Domain Names. Mailscan was 
    distinguishing between FQDN's and domain
    names without a trailing dot.

31. This HotFix resolves an issue with the
    security mechanism of the configuration 
    console. Access is now denied to unresolvable 
    IP addresses.

32. This HotFix resolves an issue with 
    apostrophes in attachment names.

33. This HotFix resolves an issue with large 
    recipient lists causing a buffer overun when 
    written to the mail log or virus log files.

34. This HotFix resolves an issue when content 
    filtering is enabled a Dr. Watson can be 
    generated.

35. This HotFix increases the limit on the number 
    allowable active Content Filter rule to 256.

36. This HotFix increases the number of allowable
    AntiSpam IP ranges to 2000.

37. This HotFix resolves an issue with error 250 
    being written to the log files. A more 
    accurate description is now used.

"No error code recieved, possible time-out occured" 

38. This HotFix resolves an issue with Return To 
    Sender messages being destroyed. When an RTS is 
    now generated it is placed in the IN queue and 
    will cycle as a normal e-mail message. 

39. This HotFix resolves an issue with user-defined
    fields within content headers, previously 
    treated as corrupt. The e-mail messages are  
    now scanned correctly.

40. This HotFix resolves an issue with Return To 
    Sender messages being logged as Cannot be 
    scanned.

41. This HotFix resolves an issue with WebShield 
    not using the attachment name for scanning.

42. This HotFix resolves an issue with zero byte 
    files not being replaced by WARNING.TXT.

43. This HotFix adds a mail loop detection facility.
    
    Please read the accompanying TechNote, 
    TNMAILFLOW.RTF for details on enabling and 
    controlling this facility.

    For customers using Microsoft Windows NT4.0 
    they can import/use the file LOOP.REG.
    
44. This HotFix adds an exception handling layer for
    MAILSCAN.EXE. E-mail is treated as corrupt and is 
    dealt with according to the GUI settings.

45. This HotFix resolves an issue with ".com" content
    filter rule blocking messages it shouldn't.

46. This HotFix resolves an issue with nested mime
    content scanning causing an access violation.

47. This HotFix resolves several issues with 
    UUencoded messages.

48. This HotFix resolves an error with incorrect 
    error codes being logged.

49. This HotFix resolves an issue with .TMP files 
    not being cleaned up after a file is scanned.

50. This HotFix allows an administrator to change the
    default SMTP delivery behaviour. If the registry 
    key Defer_When_Relay_Unavailable is non zero then 
    messages will be deferred and no DNS delivery 
    will be attempted after a valid relay attempt
    has failed.

51. This HotFix resolves an issue with Subject lines
    that contain characters other than US-ASCII.

52. This HotFix resolves an issue with the monitor
    not working if the mail logging is disabled.

53. This HotFix resolves an issue seen with HotFix
    2 failing to decode a boundary marker and 
    interpreting mails as corrupt which were 
    previously not treated as corrupt.  

54. This HotFix resolves an issue with WebShield
    boundary checker attempting to validate inside 
    speech mark encapsulated e-mail address local
    part. 

    "user name"@domain.com
     
    Even though the username contains an non RFC 
    compliant character <space> since it is 
    encapsulated in speech marks it is acceptable
    under the RFC. 
       
    This is now accepted as a valid e-mail 
    address.

55. This HotFix resolves an issue with a message
    being written to the Event logs every time 
    an RTS message was generated.

56. This HotFix resolves an issue with infected
    UUEncoded e-mail that contained a cleanable
    infected item. These e-mails are now cleaned 
    correctly

57. This HotFix resolves an issue with an e-mail
    attachment that has a name longer than 200 
    characters. These attachments are now scanned
    correctly.

58. This HotFix resolves an issue with UUEncoded 
    e-mail messages that have embedded END 
    strings not triggering content filters. 
    These items are now content filtered 
    correctly.

59. This HotFix resolves an issue with UUencoded
    e-mail messages that contained very long
    attachment filenames. The filename is 
    now checked.

60. This HotFix resolves an issue with 
    MAILSCAN.EXE causing 100% processor 
    utilization with e-mail messages that do 
    not contain a termination line.

61. This HotFix resolves an issue with malformed
    Mime and UUEncoded e-mail resulting in a .TMP
    file being left in the TEMP directory.

62. This HotFix resolves an abnormal termination
    issue when content filtering message subject
    lines that contained non-ASCII characters. 


FILES INCLUDED WITH THIS HOTFIX

This HotFix consists of one compressed file
WSE50HF3.ZIP. This is an archive file that
consists of the following files:

BANNER.REG
CONFLT.DLL
CORRUPT.RTF
DEFER.REG
EVENTLOGMSG.DLL
FRONTEND.EXE
HOTFIX1.REG
INVCLN32.DLL
LOOP.REG
MAILCFG.EXE
MAILSCAN.EXE
MBS.REG
OLUS0409.DLL
OLUSCONF.DLL
OLUSLIB.DLL
PREFERENCES.DLL
TNMAILFLOW.RTF
VALIDATE.TXT
WSE50HF3.TXT
WSHMR1ATN4.RTF
WSSMTPOB.DLL


_______________________________________________
INSTALLATION

The McAfee WebShield E50 software must be 
installed on your system before installing this
HotFix. It is also recommended that this HotFix 
is applied onto a clean installation of the
McAfee WebShield E50 software.


INSTALLATION REQUIREMENTS

The account used to install the HotFix must
have the Change right to the temporary location
used for expanding the WSE50HF3.ZIP file.


INSTALLATION STEPS

1.  Unzip the file WSE50HF3.ZIP to a temporary
    location on your system.

2.  Check the extracted files using the
    results from VALIDATE.EXE against the
    values in VALIDATE.TXT to ensure the
    files are not corrupted.

3.  Ensure that the WebShield E50
    Configuration Console and the WebShield
    E50 Status Monitor are both closed.

4.  Open the Services Control Panel and stop
    the following services:

    Network Associates WebShield SMTP MailCfg
    Network Associates WebShield SMTP MailScan

5.  Copy the extracted files from the
    temporary location to the installation
    directory. The default location is:

    C:\PROGRAM FILES\NETWORKASSOCIATES\TVD\WEBSHIELD SMTP

6.  Start the following services:

    Network Associates WebShield SMTP MailCfg
    Network Associates WebShield SMTP MailScan

* Optional Installation Step *

7. To enable the alert on SMTP error 421, 
   double click on HOTFIX1.REG file. This will
   merge the contents of the file with your
   registry. This feature is disabled by
   default. To enable the feature, set the
   following key to value "1".

   HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\WebShield SMTP\MailScan\SMTP_ALERT_421

   You may need to use REGEDT32 to modify
   this value.


TESTING YOUR INSTALLATION

The EICAR Standard AntiVirus Test File is a
combined effort by anti-virus vendors
throughout the world to implement one standard
by which customers can verify their anti-virus
installations.

To test your installation:

1.  Copy the following line into its own 
    file, then save the file with the name 
    EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    The file size will be 68 or 70 bytes.

2.  Next, send an e-mail message through the
    McAfee WebShield E50 server with the 
    EICAR.COM file as an attachment. The 
    McAfee WebShield E50 software should 
    detect and either delete or quarantine
    the e-mail message.

    NOTE: that this file is NOT A VIRUS. Delete
    the file when you have finished testing your
    installation to avoid alarming unsuspecting
    users.

    NOTE: E-mail messages that are in the IN
    folder when the service starts will not
    be recorded as received in the Status
    Monitor, but will be recorded in the
    delivered section.


REMOVING THIS HOTFIX

To remove this HotFix from your computer,
remove the product using the Add/Remove
programs option in the Windows NT Control
Panel. If you wish to save your current
configuration, open the WebShield E50
Configuration Console and choose File, Next,
Save To File, and specify a name for your
configuration file.

    NOTE: McAfee recommends that you do NOT
    remove the HotFix file from your
    WebShield E50 installation once you have
    installed it. If you reinstall your
    WebShield E50 software, McAfee
    recommends that you also reinstall the
    HotFix.

_______________________________________________
CONTACTING MCAFEE AND NETWORK ASSOCIATES

Technical Support
      http://knowledge.nai.com


McAfee Beta Program
   Beta Web Site
      www.mcafeeb2b.com/beta/

   E-mail
      avbeta@nai.com


AVERT Anti-Virus Research Site
      www.mcafeeb2b.com/avert


Download Site
      www.mcafeeb2b.com/naicommon/download/

   DAT File Updates
      www.mcafeeb2b.com/naicommon/download/dats/find.asp

   Product Upgrades
      www.mcafeeb2b.com/naicommon/download/upgrade/login.asp

      Valid grant number required.
      Contact Network Associates Customer
      Service


On-Site Training Information
      www.mcafeeb2b.com/services/mcafee-training/default.asp


Finding a Reseller
      www.mcafeeb2b.com/naicommon/partners/tsp-seek/intro.asp


Network Associates Customer Service
   US, Canada, and Latin America toll-free:
   Phone:   +1-888-VIRUS NO or +1-888-847-8766
            Monday - Friday, 8 a.m. - 8 p.m.,
            Central Time

   E-mail:  services_corporate_division@nai.com
   Web:     www.nai.com
            www.mcafeeb2b.com

For additional information on contacting
Network Associates and McAfee, including toll
free numbers for other geographic areas, see
the documentation that accompanied your
original product release.

_______________________________________________
COPYRIGHT AND TRADEMARK ATTRIBUTIONS

(c) 1998-2002 Networks Associates Technology,
Inc. All Rights Reserved. No part of this
publication may be reproduced, transmitted,
transcribed, stored in a retrieval system, or
translated into any language in any form or by
any means without the written permission of
Networks Associates Technology, Inc., or its
suppliers or affiliate companies. To obtain
this permission, write to the attention of the
Network Associates legal department at: 3965
Freedom Circle, Santa Clara, California 95054,
or call
+1-972-308-9960.


TRADEMARKS

Active Security, ActiveHelp, ActiveShield,
AntiVirus Anyware and design, Bomb Shelter,
Building a World of Trust, Certified Network
Expert, Clean-Up, CleanUp Wizard, Cloaking,
CNX, CNX Certification Certified Network Expert
and design, CyberCop, CyberMedia, CyberMedia
UnInstaller, Data Security Letter and design,
Design (logo), Design (Rabbit with hat), design
(stylized N), Disk Minder, Distributed Sniffer
System, Distributed Sniffer System (in
Katakana), Dr Solomons, Dr Solomons label,
Enterprise SecureCast, EZ SetUp, First Aid,
ForceField, Gauntlet, GMT, GroupShield, Guard
Dog, HelpDesk, HomeGuard, Hunter, I C Expert,
ISDN TEL/SCOPE, LAN Administration Architecture
and design, LANGuru, LANGuru (in Katakana),
LANWords, Leading Help Desk Technology, LM1,
M and design, Magic Solutions, Magic
University, MagicSpy, MagicTree, MagicWord,
McAfee Associates, McAfee, McAfee (in
Katakana), McAfee and design,  NetStalker,
MoneyMagic, More Power To You, MultiMedia
Cloaking, myCIO.com, myCIO.com design (CIO
design), myCIO.com Your Chief Internet Officer
& design, NAI & design, Net Tools, Net Tools
(in Katakana), NetCrypto, NetOctopus, NetRoom,
NetScan, NetShield, NetStalker, Network
Associates, Network General, Network Uptime!,
NetXray, NotesGuard, Nuts & Bolts, Oil Change,
PC Medic, PC Medic 97, PCNotary, PGP, PGP
(Pretty Good Privacy), PocketScope, PowerLogin,
PowerTelNet, Pretty Good Privacy, PrimeSupport,
Recoverkey, Recoverkey International,
Registry Wizard, ReportMagic, RingFence, Router
PM, SalesMagic, SecureCast, Service Level
Manager, ServiceMagic, SmartDesk, Sniffer,
Sniffer (in Hangul), SniffMaster, SniffMaster
(in Hangul), SniffMaster (in Katakana),
SniffNet, Stalker, Stalker (stylized),
Statistical Information Retrieval (SIR),
SupportMagic, TeleSniffer, TIS, TMACH, TMEG,
TNV, TVD, TNS, TSD, Total Network Security,
Total Network Visibility, Total Service Desk,
Total Virus Defense, Trusted MACH, Trusted
Mail, UnInstaller, Virex, Virus Forum,
ViruScan, VirusScan, VShield, WebScan,
WebShield, WebSniffer, WebStalker, WebWall,
Whos Watching Your Network, WinGauge, Your
E-Business Defender, ZAC 2000, Zip Manager are
registered trademarks of Network Associates,
Inc. and/or its affiliates in the US and/or
other countries.  All other registered and
unregistered trademarks in this document are
the sole property of their respective owners.


LICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE
APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO
THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE
GENERAL TERMS AND CONDITIONS FOR THE USE OF THE
LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH
TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE
CONSULT THE SALES AND OTHER RELATED LICENSE
GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU
HAVE RECEIVED SEPARATELY AS PART OF THE
PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT
CD, OR A FILE AVAILABLE ON THE WEB SITE FROM
WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF
YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH
IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE.
IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO
NAI OR THE PLACE OF PURCHASE FOR A FULL
REFUND.
