Barracuda Spam & Virus Firewall Release Notes


PLEASE READ BEFORE UPGRADING

*Before upgrading to newer versions, be sure to make a backup of your configuration and read all release notes that apply to versions more recent than the one currently running on your system.
*Before upgrading, BE SURE TO TAKE THE BARRACUDA SPAM & VIRUS FIREWALL OFFLINE. This will ensure that the inbound queue is emptied and all messages are scanned before the upgrade process begins. See the BASIC > Administration page for the Offline button.
*DO NOT MANUALLY REBOOT YOUR SYSTEM at any time during an upgrade, unless otherwise instructed by Technical Support. The update process typically takes only a few minutes after the update is applied. However the process can take up to 30 minutes for systems that have thousands of user accounts. If the process takes longer, please contact Technical Support to investigate.

Upgrading to Version 3.5

*Due to numerous internal changes, once you have installed a version of 3.5 on your system it is NOT recommended for you to revert to or otherwise re-apply any 3.4 (or earlier) firmware version. Doing so can cause you to lose Message Log data, message content and some historical information. Please contact Technical Support prior to any attempt to return to the 3.4 firmware series.
*Clustering between a 3.5 system and a non-3.5 system is not possible. If one of the machines in a cluster does not see the firmware as available, please contact Technical Support. All members of a cluster should be running the same build version to obtain best results.
*Before upgrading from a non-3.5 release, please take note of the following internal changes:
*The contents of any message that was in the Message Log of a 3.4 system at the time of upgrade will be visible on a 3.5 system. However, the data for any message that was already purged from the Message Log, as well as all Message Log data from 3.3 (and earlier) systems, will not be preserved upon the upgrade to 3.5.
*If upgrading from a release prior to 3.3, your Bayesian databases (both admin and user-specific) will not be preserved. Resetting the databases from time to time makes Bayesian filtering more effective and up-to-date with the latest spam patterns. To use Bayesian, you must start with a new dataset of at least 200 received messages marked as "spam'' and at least 200 marked as "not spam''. As with previous versions, Bayesian filtering will NOT take effect until 200 or more of each spam and not-spam messages are marked as such on the BASIC > Message Log page.
*As of version 3.5.10.016, all DNS queries are now done directly. This can cause delivery failures and lost mail if hostnames are used in the configuration that are only resolvable through internal DNS. If using such a configuration, after upgrading to 3.5.10.016 or higher, please go to the BASIC > IP Configuration page and set the Use Only These Servers setting to "Yes". This will force the Barracuda Spam & Virus Firewall to use the internal DNS servers.
*As of version 3.5.12, the following configuration changes will be made on ALL SYSTEMS upgrading from a pre-3.5.12 release. Because of this, it is HIGHLY RECOMMENDED that you create a new backup of your configuration after you upgrade to firmware version 3.5.12. Otherwise, restoring a backup made from a previous firmware version could inadvertently reverse these setting changes:
1Any spamhaus.org listing for sbl, xbl, or sbl-xbl that may currently be in your Custom External RBLs section will be REMOVED. If you wish to continue using any of these, you can manually re-enter them on the BLOCK/ACCEPT > IP Reputation page. Any other spamhaus.org entry that you may have added (such as zen or pbl) will remain in your settings and will not be affected.
2The Send Bounce option will be SET TO NO on all systems, regardless of your previous setting. If you wish notifications to go out to any sender whose email was blocked, you can re-enable this option from the BASIC > Spam Scoring page, in the Spam Bounce (NDR) Configuration section.

NEW TO VERSION 3.5

3.5.12:

*Invalid Bounce Suppression. The Barracuda Spam & Virus Firewall can be configured to reject all Non-Delivery Receipts (NDRs) except those for messages verified to have been sent or relayed out from that particular Barracuda Spam & Virus Firewall or from a partnered Barracuda Spam & Virus Firewall.
*Character Set Blocking. Administrators can determine the action to take on a message based on the language and character set detected in the message itself.
*Reverse DNS Blocking. Administrators can determine the action to take on a message based on the originating country, as determined by a Reverse DNS query of the sender's IP address.
*Enhanced Intent Analysis. New improvements to the Intent Analysis engine includes the ability to specify additional URL patterns that should undergo Intent Analysis and the ability to exclude specific URLs.
*The Syslog, which includes data related to mail flow, gives the month, day and time of each event for all models except for the model 1000, which also includes the year in the date.

3.5.11:

*Attachment filtering enhancements. All attachments which start with a leading 'dot' (e.g. ".exe") are only checked against filenames. Entries without the leading dot are checked against the file type as determined by content inspection. At this time, files within archives are still blocked only on content identification.
*DomainKeys. Support for DomainKeys including the ability to take action on incoming messages based on verification of DomainKeys.
*Native recipient validation. In addition to using standard recipient verification methods such as LDAP, recipient verification can now also be done by specifying a list valid email addresses directly on the Barracuda Spam & Virus Firewall.
*Remote POP account support. The Barracuda Spam & Virus Firewall can now scan email retrieved via POP3 or IMAP.
*Advanced Email Server handling. A failover email server can be designated on the Barracuda Spam & Virus Firewall, and individual domains can be assigned multiple email servers for load balancing.
*Manual Alias Linking. Specific domains on the Barracuda Spam & Virus Firewall can be treated as aliases of one domain, without needing to link all domains to the same one.
*Trusted forwarder exemptions. Allows internal mail relays located in front of the Barracuda Spam & Virus Firewall to be exempted from rate control, SPF sender authentication tests, and IP reputation checks (including the Barracuda Reputation Services and other external blacklists). If used in conjunction with Full Header Scanning, IP checks will be performed on only the last non-trusted relay that handled the incoming message.

3.5.10 and earlier:

*Improved DNS lookups. Enable DNS caching by default for improved lookup times. Fall back to specified nameservers if unable to reach root nameservers. See warning above regarding this change in behavior.
*Barracuda Real-Time Protection. Also known as Zero-Hour protection, this real-time interaction with Barracuda Central for information on new virus signatures and spam fingerprints allows for the fastest possible response time to new virus and spam outbreaks.
*Improved Cluster Management. Enhancements include increased performance, encrypted connections, and sturdier synchronization of quarantine content.
*Longer Message Log history. The Message Log is now stored as a circular buffer constrained by disk storage rather than a fixed number of records, usually resulting in a significantly longer Message Log buffer.
*Journaling. The Barracuda Spam & Virus Firewall now has the ability to send a copy of all legitimate email to an archive such as the Barracuda Message Archiver.
*API updates. Enhancements to the API in the latest 3.5.10 releases include support for multiple simultaneous API calls, such as those for domain setting modifications.
*Multiple administrative conveniences. Based on user feedback, many small changes have been made to the Administrative interface, including the addition of the "Bulk Edit" button for certain fields; the ability to specify multiple syslog servers; and the ability to submit spam messages to Barracuda Central without affecting the global Bayesian database.

Version 3.5.12

Note: All systems upgrading to this release will be subjected to the configuration changes noted in the "Upgrading to Version 3.5" section above. If you do not wish to keep these changes, they can be reversed by going to the appropriate page and re-entering your desired values. After the new firmware has been applied, make sure to create a new backup of your configuration so that you will have a backup file with the setting modifications made by this firmware upgrade.


Known Issues:

Build 024:

*Fix: Various multibyte issues resolved.
*Fix: Restored ability to view attachments in the View Source tab for a selected message in the Message Log. [38457]

Build 023:

*Fix: SNMP queue monitoring now functions properly.
*Fix: Release notes link now works in Security Definitions Updates section.

Build 022:

*Enhancement: Support for disabling of low-grade encryption key ciphers (SSL).
*Fix: The "Reason" field in the Message Log and Message Viewer is now clearly displayed. [37234]
*Fix: Japanese language reports (GUI & Email) are now correctly rendered. [37317]
*Fix: The description of the Rate Control setting is now correct in the Web interface. [37725]
*Fix: Chinese characters are now displayed correctly in Header and Subject. [37559]
*Fix: Corrected NDR formatting for Full Outbound mode so that MS Exchange server can interpret bounce (NDR) messages properly. [25465]
*Fix: Quarantine usage is now updated correctly for all users.
*Fix: Various Japanese, Taiwanese and Chinese localization issues resolved.
*Fix: Static Routes now take effect properly.
*Fix: Resolved issue with port forwarding.
*Fix: Japanese "Action", "Reason", "Delivery" fields in the Message Log are now rendered accurately. [36935]
* Change to syslog output: The Web syslog shows high byte ASCII characters in octal and the mail syslog shows multi-byte characters as raw data.

Build 014:

*Fix: Whitelisting now takes precedence over Spam Fingerprint filtering. [35288]
*Fix: Extra line breaks no longer added to plain text messages of over a certain size. [33810]

Build 012:

*Enhancement: APC UPS devices via USB are now supported.
*Feature: Branding changes to reflect the product name change to Barracuda Spam & Virus Firewall in product logos, default database values, and standard email templates.
*Fix: Potential security issue in Barracuda Console Configuration tool resolved. Reported by Jon Oberheide <jon@oberheide.org>.
*Fix: APC UPS was not recognized by models 300/400 and model 800. [33060]
*Fix: Now honors outbound BASIC > Administration > 'SMTP host/Smarthost' for mail delivery when relaying (recipient domain is not on the box). Before this, the system would only deliver quarantine messages and bounce messages to the smarthost. [34421]
*Fix: In the API, config_set_bulk.cgi now works correctly for per-user settings (when the 'account' parameter is specified).
*Fix: Improved protection against cross site scripting (XSS) attacks. [33301]

Build 010:

*Feature: The 'Check SPF for Bounce Recipients' has been enhanced. It will now only send the Spam bounce if there is an spf record for the sender and the spf record passes.
*Fix: The 'Envelope From' sender is now added as an X-Barracuda-Envelope-From header to the message [27011]
*Fix: In full outbound mode, BATV checks are no longer performed. BATV tags are still applied for outgoing messages. NDR's from trusted relays used to be rejected as 'invalid bounce' because the tag was missing [26007]
*Fix: Strict enforcement of SPF for backscatter prevention [13740, 22210]
*Fix: Spoof protection works differently for subdomains: when 'envelope-from' is 'x@subdomain.y.com' and recipient is 'x@y.com', mail will not be blocked [21552]
*Fix: BASIC > IP Configuration > Test Configuration returns correct results for the Default Mail Server test section [21309]
*Fix: "Success" or "Failed" messages will print when attempting to connect to Barracuda Central through the console configuration utility [26143]
*Fix: When attempting to send email reports, errors will now propagate to the ADVANCED > Task Manager page in the Web UI [27060]
*Fix: If there is a problem with the mail relay or it is improperly configured, the generated report emails will time out instead of waiting indefinitely [26135]
*Fix: While in offline mode, configuration changes will not cause MTA to restart [25982]
*Fix: Rate control violations will now always return a '421' SMTP error to the client, instead of sending a '5xx' error, after reaching twice the threshold set for rate control [10157]
*Fix: Additional help file updates and translations for Japanese language

Build 007:

*Enhancement: Included Barracuda Plugin v2.2.0.0
*Fix: Addressed a minor RAID GUI display issue [23484]
*Fix: Improved performance of rate control process [62571]
*Fix: Fixed various translation and documentation issues

Build 006:

*Fix: Addressed issue with intent analysis
*Fix: Improved support for EmailReg.org [19135]
*Fix: Addressed issue with processing large compressed attachments
*Fix: Improved multiple cryptography modules

Build 005:

*Fix: Various model 1000 fixes [23588, 23344]
*Fix: Addressed issue with multi-level redirect in Intent Analysis

Build 004:

*Fix: Various fixes for model 1000 RAID support
*Fix: Improved DNS queries and caching abilities
*Fix: Improved SMTP test feature [22681]
*Fix: Resolved issues with LED status lights [6579]

Build 003:

*Fix: Fixed blocking precedence in Reverse DNS Blocking feature [22396]
*Fix: Fixed unneccesary restarts of recipient verify process [22464]

Build 002:

*Feature: Full URL module added. [17518]
*Fix: Resolved issue where temporary files were not cleaned up
*Fix: Resolved issue with restoring list of valid recipients [20744]
*Fix: Resolved issue with BATV tag expiration [21754]

Build 001:

*Feature: Invalid Bounce Suppression on Barracuda Spam & Virus Firewalls used for relaying outbound emails. Enabling this feature with a special password on the new "BLOCK/ACCEPT > Sender Authentication" page will cause all incoming NDRs to be rejected by the Barracuda Spam & Virus Firewall, except those for messages that originated from itself or another Barracuda Spam & Virus Firewall that uses the same special password.
*Feature: Ability to take action on a message based on its language, or character set. Configured on the "ADVANCED > Regional Settings" page, messages can be blocked, quarantined, or tagged on the basis of the characters detected in the message itself.
*Feature: Ability to take action on a message based on the originating country, as determined by a Reverse DNS query of the originating IP address. Configured on the new "BLOCK/ACCEPT > Reverse DNS" page, messages can be blocked, quarantined, or tagged on the basis of the country or TLD to which the source IP address resolves.
*Feature: Ability to specify full URLs to be exempted from Intent Analysis.
*Feature: Ability to specify URL patterns that should undergo Intent Analysis.
*Feature: Ability to configure a Loopback Adapter, useful when using the Barracuda Spam & Virus Firewall with a Barracuda Load Balancer in Direct Server Return.
*Enhancement: Ability to force SMTP/TLS connections for specific domain on models that support per domain settings. [20354]
*Enhancement: Weak SSL ciphers and SSLv2 for SMTP over TLS are disabled by default. [9572]
*Enhancement: Administrators will no longer be able to add any domain listed in the Domain Manager to the list of whitelisted Sender Domains. If you regularly have incoming messages from your own domains, the IP addresses of the sending mail servers should be whitelisted rather than the domain names. [18976]
*Fix: The "Reject Fake Sender Domain" feature was removed to avoid denial of service attempts in modern spam campaigns.
*Fix: Resolved issue that prevented a configuration backup from getting created on certain systems that did not have any Valid Recipients specified. [14649]
*Fix: Resolved issue with POP-based Single Sign-On accounts that in certain situations enabled administrator privileges to specific usernames. [11187]
*Fix: Message Log searches that include an escaped single quote will now return the expected results. [20124]
*Fix: Removed misleading "Outside Connectivity" test from the "Test Configuration" button. [19289]
*Fix: Resolved issue that prevented certain Japanese characters from being used in comments for certain entries. [18233]
*Fix: Removed case sensitivity from Valid Recipient listings. [20243]
*Fix: Updated various helpfiles.

Version 3.5.11

Build 025:

*Note: Entries made on the Explicit Users page for native recipient verification will not be synchronized across a cluster.
*Enhancement: Increased performance of Realtime Intent Analysis.
*Enhancement: Ability to specify a port when using the SMTP Auth Proxy method for SMTP Authentication. [18027]
*Enhancement: Increase quarantine notification font size. [17937]
*Enhancement: Clarify recipient verification deferrals in the Message Log display.
*Enhancement: Support for timezone changes for Chile and Pakistan.
*Fix: Security - Resolved potential cross scripting vulnerability in the LDAP test script called from the Web GUI when no Administrator IP/Range has been configured. Discovery credited to: Information risk Management : research@irmplc.com : www.irmplc.com. Discovery date: 24 April 2008
*Fix: Resolved issue causing corruption to Bayesian tracking database that would result in immediate failure of message classification.
*Fix: Increase recipient verification resources for decreased LDAP deferrals. [16208]
*Fix - Outbound: Resolved issue preventing configuration backups for Outbound models. [15225]

Build 020:

*Enhancement: Improved performance for all models through decreased memory utilization and reduced disk utilization.
*Fix: Safeguard against malformed URLs which, when present in a message, could delay processing of subsequent messages.

Build 019:

*Enhancement: Added support for Windows 2003 in automated backups. [16547]
*Fix: Resolved issue preventing LDAP based Single Sign-On from functioning due to earlier fixes in 3.5.11 firmware. [17513]
*Fix: Removed the "Requeue" button from "BASIC > Administration" as the system will automatically requeue messages as necessary.

Build 018:

*Fix: Resolved issue that could cause attachments within archives to be processed regardless of the setting. [14386]
*Fix: Addressed issue preventing recipient whitelists from overriding Barrcuda Reputation blocks.

Build 017:

*Fix: Removed alternating row colors from log and user/domain display pages. [16624]
*Fix: Resolved issue preventing "System Configuration" or "Valid Recipients" backups from completing on some systems. [15789]
*Fix: Resolved issue in the "Top RBL Matches" report that resulted in inaccurate categorization. [16539]
*Fix: Resolved issue preventing recipients with numbers at the start of their domain from being added into the "Valid Recipients" section. [16922]
*Fix: Consistently display 4 weeks of 'Daily Mail Statistics' during all months. [11257]

Build 016:

*Fix: Resolved issue preventing model 100 systems from auto-adding users to the system. [17024]

Build 015:

*Fix: Corrected issue from 3.5.11.014 where attachment filtering wasn't performed unless 'Block' or 'Quarantine' of 'Extensions In Archives' was enabled. [17008]

Build 014:

*Enhancement: Models which do not contain per-user features no longer explode multi-recipient messages into multiple messages. This results in a performance increase for systems that receive many multi-recipient emails yet have no per-user features. [12009]
*Fix: Resolved issue that could result in Message Log columns changing width upon upgrade to 3.5.11 firmware. [16407]
*Fix: Addressed errors that could occur during post-install of a new firmware. [16821]

Build 013:

*Enhancement: Added ability for the administrator to reset all individual Bayesian databases, in addition to resetting just the global Bayesian database. [14068]
*Fix: Restored scoring of messages sent to subdomains that were not explicitly listed in as an accepted email recipient domain. Scoring rules specified for wildcarded subdomains are now applied only when the specific subdomain is not listed as a separate entry. [14552]
*Fix: Messages that could have been blocked due to multiple reasons now report the first encountered reason for the block rather than "Invalid Recipient". [14073]
*Fix: Search filters that contain only a single question mark ("?") in the search pattern now return the desired results. [15600, 16051]
*Fix: Removed case sensitivity when evaluating email addresses in the "Valid Recipients" section. [14220]
*Fix: Improved handling of email addresses with non-standard characters. [13100, 14899, 15159]
*Fix: Improved processing of attachments in both English and non-English messages. [13868, 15972, 16045, 16401, 16480]
*Fix: The "Last Message" time is now preserved even after a "Clear Statistics" has been initiated. [15547]
*Fix: Prevent multiple deliveries of quarantined messages with multiple recipients that are released by the administrator. [16403]
*Fix: Repaired restoration of deleted users from a backup configuration file. [13536]
*Fix: Improved handling of quarantined non-English emails. [15996]
*Fix: Repaired custom colors in quarantine summary emails. [7587]
*Fix: Restored ability to upload a custom logo of up to 100K. [14808]
*Fix: Repaired the "Test SMTP" button. [15957]
*Fix: Updated various helpfiles.
*Fix: Updated various GUI translations in all languages.
*Fix: Outbound - Enabled the "messages per page'' preference item for the quarantine view. [10061, 10256]

Build 011:

*Enhancement: Added ability to specify a subnet mask for Trusted Forwarder entries. [7500]
*Fix: When a From header includes both a quoted name and a bracketed address, the quoted name is no longer checked against sender whitelists. [10929, 11034]
*Fix: Messages blocked during the sender verification stages now reflect the recipient information in the Message Log. [15343]
*Fix: Repaired automated FTP backup scheduler. [15031]
*Fix: Minor UI adjustments for alignment issues that are apparent only when using a non-English UI.

Build 009:

*Fix: Resolved issue that was affecting the stability of SMTP connections. [15116]
*Fix: Repaired the Back/More buttons in the Message Log. [14972]
*Fix: Improved handling of multi-byte characters in Reports. [15030]
*Fix: Modified the daily reports delivery process to reduce the possibility of missing reports.
*Fix: Messages rejected due to message size are now properly identified as such in the Message Log.
*Fix - Outbound: Resolved issue that was preventing quarantine notifications from going out in any language other than English. [14622]

Build 008 (beta):

*Feature: Ability to specify trusted forwarders that are to bypass IP address analysis (rate control, SPF sender authentication, and IP reputation tests). Full Header Scanning will now look for the mail relay not listed in the "BASIC > IP Configuration" page that last processed the incoming message and perform IP address analysis on that mail relay only, instead of on all relays that were declared in the message headers.
*Enhancement: End-user interface is now available in Danish. [3947]
*Fix: Restored ability to use the Barracuda Spam & Virus Firewall in full Outbound mode.
*Fix: Custom logos are no longer lost upon firmware upgrade. [12440]
*Fix: Improved several filters in the Message Log including the "Reason Contains" and "Time Range" filters, and any searches that look for extended-ASCII characters. [14044, 14129, 14376]
*Fix: Restored handling of keywords that contain extended-ASCII characters. [13873]
*Fix: Improved protection against DOS attacks by modifying how incoming connections that exceed Rate Control settings are handled. [14136]
*Fix: Repaired the "Bulk Edit" button. [14578]
*Fix: Improved synchronization of Bayesian databases across a cluster, particularly when initially creating a cluster. [1192]
*Fix: Restored cluster status display. [12939]
*Fix: Restored administrator ability to re-deliver messages blocked due to intent. [13595, 14185]
*Fix: Removed misleading "Configuration Updated" message from all pages. [13473]
*Fix: Improved algorithm for detecting extensions within archives. [11266, 14560]
*Fix: Improved synchronization of messages counts across a user's Quarantine Inbox, the Quarantine Summary, and the administrator's Account View. [13762]
*Fix: Restored ability to advance one page in the Message Log. [14379]
*Fix: Restored ability to specify the SMTP/SmartHost port. [14727]
*Fix: Improved handling of encoded Subject lines. [13790]
*Fix: Strengthened compliance with PCI regulations. [14210]
*Fix: Updates to various helpfiles and UI labels.
*Fix: Updates to UI translations for various languages, including Russian, Spanish, and Japanese.
*Fix - Outbound: Restored header information in the Message Details for outbound messages. [14260]
*Fix - Outbound: Forwarding a quarantined message to a blank email address now produces the appropriate error message. [14322]
*Fix - Outbound: Restored the "Preferences" button for the Message Log. [12842]

Build 004 (beta):

*Enhancement: UI interface is now available in Polish. [13472]
*Fix: Messages blocked due to Intent because of a re-directed URL now also lists in the reason the ending URL that triggered the Intent. [12820]
*Fix: Prevent the same URL from being listed more than once in the Intent Exemptions list. [1871]
*Fix: Items in the Intent Exemptions list are now displayed in alphabetical order. [13309]
*Fix: Prevent hidden whitespace at end of various entries from getting saved. [12527]
*Fix: Prevent more than one realm from being specified as the default realm for Single Sign-On. [12677]
*Fix: Resetting the global Bayesian database no longer resets the individual user's Bayesian database as well. [13220]
*Fix: Repaired various filters in the Message Log, including "Score Matches" and those related to the Subject line. [13962, 14049]
*Fix: Improved the validation of entries modified via "Bulk Edit". [14047]
*Fix: Updates to UI translations for various languages, including German, Hungarian, and Japanese.

Build 002 (beta):

*Feature: Support for DomainKeys has been added. Configured on the "ADVANCED >Email Protocol" page, settings include what action to take with a signed message that fails verification, as well as disabling this inspection method altogether.
*Feature: Native recipient verification is now available. Email recipients can be validated against a list of email addresses specified directly on the Barracuda Spam & Virus Firewall, in addition to methods such as LDAP.
*Feature: Emails retrieved from a remote email server using POP3 or IMAP can be sent through the Barracuda Spam & Virus Firewall for spam scanning prior to delivery to your local inbox. Note that this feature cannot be used when "LDAP Routing" is enabled.
*Feature: Multiple email servers can be specified for a particular domain for load balancing and a failover email server can be designated for use whenever the destination email server for a domain is unreachable. Each entry in a list delimited by commas (",") or semi-colons (";") will used in round-robin fashion, with relative weights determined by the number of times a particular entry is listed. A list separated by spaces (" ") will be treated as a failover list, with an entry getting used only if all entries preceding it in the list are unreachable.
*Enhancement: Domains can be designated as aliases of another accepted domain on the Barracuda Spam & Virus Firewall, and specific email addresses can be configured as aliases to another email address.
*Enhancement: The quarantine welcome email to new users now supports HTML messages. [11004]
*Enhancement: The Energize Updates page now lists the complete timestamp (date and time) of when the definitions were generated. [9636]
*Fix: When using the SMTP authentication method "SMTP AUTH Proxy", the Barracuda Spam & Virus Firewall will treat an unresponsive SMTP proxy server as an authentication failure. [12105]
*Fix: Improved keyword filtering for non-English phrases. [12244]
*Fix: Improved the "Score Range" filter of the Message Log. Supported ranges now include negative values, and both the upper and lower limits are now treated as part of the search so that search results will include messages whose scores match the upper or lower limit. [12728, 13667, 13919]
*Fix: Resolved issue that made it appear as though a guest user could delete user accounts. [13163]
*Fix: Blocking attachments with the extension ".dat" no longer blocks messages containing .pdf files. [4725]
*Fix: Blocking attachments with the extension ".exe" no longer blocks messages containing .dll files. [6093]
*Fix: Messages that are blocked due to a Subject or Header keyword will bypass any further processing of the message body. This means that body keyword Whitelists will NOT override Subject or Header blocks. [9003]
*Fix: Messages containing unrecognized character encodings will now undergo additional processing rather than being deferred. [10799]
*Fix: An occasional problem where BCC information was revealed when viewing quarantined messages has been resolved. [11019]
*Fix: Spaces are no longer inserted on the left of each line in the source view for a message. [10790]
*Fix: Restored the quarantine usage graph in Spam Quarantine Summaries that are sent to an alternate quarantine notification address. [10002]
*Fix: Automatic backups now only start when enabled with the on/off checkbox. [10485]
*Fix: Improved calculations for the first hour of statistics in the Daily Traffic Reports. [10395]
*Fix: Less-than (<) and greater-than (>) signs are properly encoded in the Message Queue display. [9565]
*Fix: Updates to various helpfiles and UI labels. Most notably, the "ADVANCED > SSL" page has been renamed to "Secure Administration".
*Fix: Updated various UI translations, including Japanese, Chinese, German, and Russian. [12124]
*Fix: Outbound - Messages delivered from the Global Quarantine Inbox via the "Deliver" link are now both delivered and removed from the inbox. [12275]
*Fix: Outbound - The 'Sender Whitelisted' column of the Message Log now reflects the current whitelist status of the sender. [8911]

Version 3.5.10

Build 030:

*Fix: The "Daily Mail Statistics" now reflect 4 weeks worth of data. [11257]
*Fix: Updates to various English and Japanese helpfiles.
*Fix: Updates to UI translations for all languages.

Build 029:

*Fix: Resolved issue that could result in excessive memory consumption in the scanning process and delay mail flow if left unchecked.
*Fix: Addressed issue found in 3.5.10.027 that would cause cluster status to be saved as a localized string thus implying a constant 'StandBy' mode.

Build 027:

*Fix: Addressed issue from 3.5.10.026 that could result in degraded mail flow and an increase in MAIL/LOG partition usage.
*Fix: Resolved issue that could cause recipient verification to hang when LDAP searches do not receive a response from the server and are unable to be abandoned.
*Fix: Delivery of multiple recipient items from per-user quarantine are now sent to only the account owner instead of all recipients on the message.

Build 026:

*Feature: Ability to specify trusted forwarders that are to bypass IP address analysis (rate control, SPF sender authentication, and IP reputation tests). Full Header Scanning will now look for the mail relay not listed in the "BASIC > IP Configuration > Trusted Forwarder Configuration" section that last processed the incoming message and perform IP address analysis on that mail relay only, instead of on all relays that were declared in the message headers.
*Enhancement: Updated Outlook Plugin to version 2.1.0.9, containing expanded support for Microsoft Vista. [15469]
*Fix: When a From header includes both a quoted name and a bracketed address, the quoted name is no longer checked against sender whitelists. [10929, 11034, 13432]
*Fix: Whitelisting messages via the "Whitelist" button no longer automatically marks the message as "Not Spam". [13825]
*Fix: Improved the "Score Range" filter of the Message Log. Supported ranges now include negative values, and both the upper and lower limits are now treated as part of the search so that search results will include messages whose scores match the upper or lower limit. [12728, 13667, 13919]
*Fix: Improved handling of user passwords that contain Japanese or Cyrillic Characters. [15319]
*Fix: Repaired the Top SPF Violations Report. [12241]
*Fix: Disabled unused cluster ports. [15597]
*Fix: Minor UI adjustments for alignment issues that are apparent only when using a non-English UI.
*Fix: Updates to various English and Japanese helpfiles.
*Fix: Updates to UI translations for all languages, especially Japanese.