Current Known Issues for SEG 8.2 and 8.3


This article applies to:

  • Trustwave SEG 8.2 and 8.3

Question:

  • What are the known issues in the latest release of Trustwave SEG 8.2 or 8.3?
  • What are the latest changes and resolved issues in Trustwave SEG 8.2 or 8.3?

Resolved Issues:

Known Issues:

  • 8.3 - Unsafe legacy renegotiation disabled: The TLS/SSL library used in release 8.3.2 and above does not negotiate outbound (sender) TLS connections where the remote server only supports legacy renegotiation of TLS. The risk in legacy renegotiation is described in CVE-2009-3555. Servers that still use this legacy method are very rare.
  • Elliptic Curves: Trustwave previously suggested use of the secp521r1 Elliptic Curve for key exchange. Customers should be aware that if this is the only curve enabled, email delivery from Gmail may not succeed. This is due to Google's decision not to use the secp521r1 curve.
    • If no curve is selected, the X25519 curve will be used. This curve is widely supported and this is the default.
    • To check settings see the Inbound Security - TLS page for each mail server.
  • Engine Threads: In release 8.2.X, the "optimized" number of Engine threads is set to the number of logical processors * 2. This is a change from earlier versions, which set this value to number of logical processors + 1.
    • The new setting could cause significant increase in memory usage and may prevent the Engine starting. If memory is limited, Trustwave recommends setting the number of threads to number of logical processors + 1.
    • Also, if Sophos for Marshal is present, instances of this scanner can be created for each scanning rule for each thread. With default rules the total engine threads should not exceed 20. If additional Sophos scanning rules are present, the total threads should be reduced to ensure all required instances can be created.
  • "Filter by Type": In release 8.1 and above, due to caching of Category Script results, the "filter by type" feature of the Spam category will not work as expected for typical rulesets that use rules with different types selected.
    • The "types" are not currently provided by Trustwave, so rules using this feature do not provide any benefit and should be disabled or modified. 
    • Filtering for the "Adult" type can be accomplished with the default "pornographic language" TextCensor. 

Fixed Issues:

  • An enhancement to the PDF unpacker in all 8.X versions caused processing of some PDF documents to time out due to processing of all inline images.
    • This issue was fixed by a change in the Unpacker release 8.2.4 (February 2020).
  • In release 8.2.0 through 8.2.2, HTML message stamps configured for the bottom of messages may appear at the top, if the HTML body was not well-formed.
    • This issue is fixed in release 8.2.3 and above.
  • In release 8.1 through 8.2.2, on systems where DMARC is enabled, the Array Manager could reach a state where it cannot write files including the SpamCensor updates. Restarting the service fixes the issue for a few days.
    • This issue is fixed in release 8.2.3 and above.
  • In release 8.2.0, DMARC will not be evaluated for most inbound messages. The issue is a side effect of the intended behavior to exclude outbound messages from DMARC evaluation.
  • This issue is fixed in release 8.2.1 and above.
    • If you applied the Registry change mentioned below, you should remove it after upgrading to improve performance.
  • To work around this issue when running release 8.2.0, you can revert to the behavior of previous versions (evaluating DMARC for all messages).
    • On the SEG Array Manager, edit the Registry.
    • Navigate to HKEY_Local_Machine\Software\Trustwave\Secure Email Gateway\Default\Receiver
    • Add a DWORD value OutboundDMARCEvaluation
    • Set the value to 1.
    • Commit configuration, and then restart the Receiver service on all processing servers.
    • If you need assistance with this procedure, contact Support.
  • In 8.1 releases, the Syslog page in the Server Tool may not correctly show that a Syslog database exists, due to a credential issue.
    • This issue is corrected in release 8.2.X.

Limitations:

  • Upgrade from 7.X to 8.X on a Terminal Services server is not supported. In this scenario you can fully back up the configuration of the 7.X installation, uninstall (leaving the folder and contents in place), install the 8.X software, and import the configuration.
    • Trustwave does not recommend running SEG in production on a Terminal Services server, due to possible resource conflicts between terminal sessions and other server applications.

Notes:

  • For further assistance, contact Trustwave Support or your reseller support organization.

Last Modified 10/5/2023.
https://support.trustwave.com/kb/KnowledgebaseArticle21009.aspx