Version: 7.2, Last Revision: February 24, 2017
These notes are additional to the Trustwave ECM User Guide and supersede information supplied in that Guide.
The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q20726.
For more information about additional minor features and bug fixes, see the release history.
Trustwave ECM is supported in the following environments:
Trustwave ECM is a 32 bit application.
Hardware required is dependent on Microsoft Exchange Server. Follow Microsoft recommendations. Be aware that Trustwave ECM processing has a noticeable impact on email throughput.
You may require additional hard disk space depending on your archiving and quarantine retention policies. For default policies on a typical 1000 user server, Trustwave recommends you allow an additional 50 GB of free disk space for text logs, quarantine and archiving folders.
To help ensure smooth functioning of Trustwave ECM, Trustwave recommends the following:
agents.configfile, the transport agent priorities, or the default settings for the Replay directory.
MMC /32 perfmon.msc
Direct upgrade is supported from ECM (MailMarshal Exchange) 7.0 and above.
Direct upgrade from MailMarshal Exchange (ECM) 5.X is not supported. Trustwave ECM version 7.X uses a different architecture to version 5.X.
Trustwave ECM can be installed in a variety of scenarios. For full information on uninstalling Trustwave ECM from a production environment, see the User Guide.
To uninstall a trial installation on a single computer:
The following additional items have been changed or updated in the specific build versions of Trustwave ECM listed. To check for any later information, please see Trustwave Knowledge Base article Q20726.
|MEX-912||Office 2003 documents containing embedded OLE object containers were deadlettered. Fixed.|
|MEX-952||When installing in a custom location or changing folder locations in the Server Tool, permissions were not correctly set on the folders. Fixed.|
|MEX-975||The Exchange Agent has been updated to use the Exchange 2010 version of the SDK. This change resolves an informational/best practice event that was logged by Exchange in earlier versions.|
|MEX-977||In some cases content extracted from Office documents was incorrectly identified as EMF instead of WMF, resulting in a dead lettered message. Fixed.|
|MEX-978||Handling of SQL database partitioning has been improved.|
|MEX-980||Product branding has been updated to Trustwave ECM throughout. Install and Registry locations are not changed. The default virtual directory name for the Web Admin Console has been updated (for new installations only).|
|MEX-981||The installer checks for the Trustwave root certificate and attempts to install it if necessary.|
|MEX-982||Earlier versions of the product could not access the automatic update server due to use of updated SSL signing on the server. Fixed.|
|MEX-984||Certain binary RTF message bodies could cause the Engine to stop. Fixed.|
|MEX-985||The versions of libcurl and OpenSSL used have been updated.|
|MEX-986||In some cases where an attachment was an Office 2003 document containing an embedded Office 2007/2010 document, the message was deadlettered due to an unpacking problem. Fixed.|
|MEX-987||The Agent now installs with Set-TransportService as per Microsoft best practice.|
|MEX-996||The version of SQL Express included with the installer is updated to SQL 2016.|
|MEX-999||Installation with Exchange 2007 is no longer supported.|
|MEX-1001||MSXML4 is no longer used or installed.|
|MEX-1002||The Engine service better handles stopping and restarting under load (for example with virus scanner reloading).|
|MEX-1008||Signing of executable files now uses a SHA256 certificate.|
|MEX-920||A message addressed to multiple distribution groups could be delivered to a recipient twice when released from quarantine. Fixed.|
|MEX-958||The URL for the Trustwave RSS feeds in the Console was incorrect. Fixed.|
|MEX-963||If the Controller service could not retrieve the location of the Exchange Replay directory, it could stop unexpectedly. Fixed.|
|MEX-965||The End User Licensing Agreement included in the product has been updated to the latest version.|
|MEX-955||The product installer would not run on Server 2012 R2 and Windows 8.1 due to incorrect detection of the OS version. Fixed.|
|MEX-914||Locations of the Incoming, ProcessedOK,
DeadLetter, and Sending directories set in
the Server Tool were not honored by the
|MEX-915||In earlier versions installation with Marshal Reporting Console could fail due to a problem with prerequisite checks. Fixed.|
|MEX-918||Message files could not be opened in the Console for processing node IDs greater than 9, due to a file naming error. Fixed for newly created files. Incorrectly named existing files must be renamed manually.|
|MEX-921||On nodes with ID greater than 9, MML files were incorrectly named. Fixed for newly created files.|
|MEX-923||Notification message sending could fail if the Replay folder was not in the default location. Fixed: the Controller service now periodically verifies the location of this folder.|
|MEX-925||The Unpacker has been updated to the version supplied with SEG 7.1.|
|MEX-926||The PDF unpacker DLL provided has been updated to 126.96.36.199 (this version was already provided through automatic updates).|
|MEX-927||The File Type DLL has been updated to the version supplied with SEG 7.1.|
|MEX-928||Messages with recipient address user parts over 64 characters in length could not be released from the Console. Fixed.|
|MEX-941||The installer did not correctly detect clean installations of Exchange 2010. Fixed.|
|MEX-942||Email sent by Exchange 2013 Health Check Monitors is not processed by default. For details and settings, see Knowledge Base article Q16478.|
|MEX-943||The check for excessive numbers of header lines is not performed due to Exchange 2013 behaviors that can result in large numbers of header lines.|
|MEX-944||The version of SQL Express included in installers has been updated to 2008 R2 SP2.|
|MEX-946||The Replay directory path could not be determined correctly if more than one Exchange server was present in the AD environment. Fixed.|
|MEX-950||New installations of Web Components bind the website to port 82 (because Exchange 2013 uses port 81). Upgrading does not change the existing binding.|
|MEX-951||Messages affected by the issue described in MEX-883 are now processed normally by default.|
|MEX-902||The check for email files orphaned by a system halt was checking an incorrect folder. Fixed.|
|MEX-903||The PDF unpacker DLL provided has been updated from 4.0 (in version 7.1.0) to 4.1.|
|MEX-904||In version 7.1.0, PDF attachments with Unicode characters in the filename were not unpacked and scanned. Fixed.|
|MEX-908||In version 7.1.0, a message with duplicate email addresses (addressed to the same recipient more than once) would not be delivered in some cases. Fixed.|
|MEX-831||Return of messages from the Engine to the Agent (and to Microsoft Exchange) now uses a new, faster process.|
|MEX-848||Some information has been removed from the standard (not debug) view of service text logs, to enhance readability.|
|MEX-850||Category Scripts that searched the message body using Regular Expressions (RegExpBody) did not check TNEF bodies. Fixed.|
|MEX-863||Messages with attached Office 2003 documents that contained embedded Office 2007/2010 documents were deadlettered. Fixed.|
|MEX-864||When services failed unexpectedly, some service logging information was not correctly cleaned up on restart. Fixed.|
|MEX-883||In rare cases a message was wrongly reported as corrupt when sent between Exchange hub servers in the same domain with different Exchange versions and separate MailMarshal Exchange arrays. Fixed: Contact M86 Support for a setting to allow these messages.|
|MEX-892||Messages with attached Office 2003 documents that contained embedded Office 2007/2010 documents were deadlettered. Fixed.|
|MM-108||Many images are now extracted from PDF documents.|
|MM-1567||PDF unpacking now handles Unicode.|
|MM-2236||Some PDF files caused recursion in the Engine and could not be unpacked. Fixed.|
|MM-2363||The version of 7zip (archive unpacker) included with MailMarshal has been updated to 9.20. This version handles additional compression formats.|
|MM-2834||PDF files with limitations on printing and other functions were incorrectly identified as Encrypted PDF. Fixed.|
|MM-2837||Image Analyzer has been updated to version 5.|
|MM-2859||Binary files are now better recognized as type COM or EXE.|
|MM-2977||PDF Xref detection is improved.|
|MM-3332||Engine logs for each message are now stored in the message file. The Console message viewer displays the available information in a separate tab.|
|MM-3367||Certain Office 2007 documents were not recognized due to internal structure. Fixed.|
|MM-3387||SQL code for database creation and upgrade is now within a transaction to allow easier rollback if problems are encountered.|
|MM-3410||DBlog files now correctly handle larger content.|
|MM-3419||Office 2007 files generated through the OpenXML SDK were not correctly unpacked. Fixed.|
|MM-3422||PDF unpacking has been improved, notably for Unicode and some encodings of images.|
|MM-3427||The MailMarshal database now supports index partitioning if installed on SQL Server Enterprise Edition (for new databases only).|
|MM-3456||User Defined and custom document properties are now unpacked and scanned in Word 2003 and Word 2007 documents.|
|MM-3472||The Server Tool now checks the validity of the configured database on startup (this allows the database to be re-created when the SQL server has been rebuilt).|
|MM-3494||Word documents encrypted with IRM in Word 2007 (2003 compatibility mode) were deadlettered. Fixed: these documents are correctly recognized.|
|MM-3513||Messages quarantined with a default release action of "skip remaining rules" were not reprocessed as requested upon release. Fixed.|
|MM-3514||Console Dashboard data was never purged from the database. Fixed.|
|MM-3538||The certificate used to sign executable files has been updated.|
|MM-3539||The message parking feature logged redundant messages when a message was unparked. Fixed.|
|MM-3550||Logging of low disk space warnings has been enhanced for readability.|
|MM-3551||The Array Manager could stop unexpectedly if a new database was created and configuration was not synchronized. Fixed.|
|MM-3598||PDF unpacking has been enhanced. Images, attachments, and annotations are unpacked.|
|MM-3604||Deadlettered messages can be passed through to users by rule action.|
|MM-3612||The integration with Norman Endpoint Protection is updated.|
|MM-3613||Retention and permissions for Deadletter folders are now set through the Configurator.|
|MM-3628||EMF files are now correctly unpacked and the contents are scanned. See also MM-3725.|
|MM-3649||Additional logging has been added in the Engine service for Dead Letter rule processing.|
|MM-3684||Error messages logged to the Event Log could cause issues due to recursive substitution of variables. Fixed.|
|MM-3696||PDF unpacking has been improved. Incorrect character strings are no longer present.|
|MM-3697||PDF unpacking now supports "linearized" PDF.|
|MM-3699||Selecting the default message digest template for new digests loaded additional incorrect characters. Fixed.|
|MM-3705||The Console and Configurator now use the terms "Content Analysis Policy" or "Content Analysis Log".|
|MM-3712||A more descriptive logging message is written by the Array Manager on shutdown when the SQL database is unavailable.|
|MM-3725||Files unpacked from EMF files (MM-3628) are only saved and scanned if they are of a recognized type. Type BIN (unknown) files are not saved.|
|MM-3770||Upgrade now provides more user friendly information about status during database upgrade.|
|MM-3771||Upgrade now provides more user friendly information about status while calculating time required for database upgrade.|
|MEX-810||Upgrade required a restart to replace the Transport Agent. Fixed - no restart will be required.|
|MEX-817||Installation could fail because it did not correctly check that the local Exchange Server was configured with the Hub Transport role. Fixed.|
|MEX-819||Out of Office messages and other messages with a blank Sender field could result in a .BAD file in the Replay directory. Fixed.|
|MEX-827||Exchange Server did not generate delivery reports because MailMarshal Exchange did not copy recipient DSN data to the message envelope. Fixed.|
Copyright © 2017 Trustwave Holdings, Inc.
All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.
Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.