Igaware Linux Small Business Server + UTM Firewall

New in Version 13.0.4-btrfs [ Apr 13 2016]
==========================================

* New Features and Improvements *

• Added a Time Zone feature. The system Time Zone can now be set to reflect the customer’s geographical location.
• Updated the Linux Kernel to support the new BTRFS file system.
• Installed supporting software for the BTRFS file system.
• Installed a new LZO compression library, for new file system compressing operations.
• Updated several Linux utility programs.
• Removed the MultiViews option from the Web Server configuration. This speeds up web server requests.

* Fixes *

• Network aliases script fixed for use with new glibc libraries.
• ifup-aliases script fixed for new glibc libraries.
• Fixed a bug in the network down script for PPP connections with IPSec VPN. The PPP connection didn’t always come back up.
• Fixed a bug with SSL VPN and multiple LAN networks. The network routes were not pushed to the client device.

New in Version 13.0.3-glibc [ Mar 21 2016]
==========================================

* New Features and Improvements *

• Updated the Anti-Virus engine to catch zero hour viruses.
• A major update of the GLIBC libraries has been released to fix several security vulnerabilities that have been identified, namely; CVE 2015-7547 ( Buffer overflow) and CVE-2015-0235 ( GHOST vulnerability)

* Fixes *

• After the recent security updates, Outlook users would sometimes be refused connection to the Zarafa server. This has been fixed.
• PPTP VPN. A bug with a recent BASH update prevented some users from accessing devices on the server’s LAN.

New in Version 12.1.8-ADS [ Feb 21 2016]
========================================

* New Features and Improvements *

• Updated the Web proxy software to the latest version. This provides performance gains and improvements in URL filtering of HTTPS sites.
• Updated the pattern matching software.
• Added a new email filering engine to detect and block the newest zero-hour Email Spam attacks.

* Fixes *

• Fixed a possible bypass of Web URL filtering when using the Safari browser.

New in Version 12.1.7-ADS [ Feb 16 2016]
========================================

* New Features and Improvements *

• Updated the Anti-Virus scanner to check for zero-day macros in documents.
• Added a Network Traffic Analyser. This listens on any network interface and displays a table of current bandwidth usage by pairs of hosts, showing any network hogs. The analyser can be run concurrently on more than one Interface, to show a view of traffic on the LAN and the WAN interface at the same time.
• Added more choices to the options for the File server Shadow Copy feature.
• Updated the network traffic monitor with the latest software version.
• Updated the caching, recursive DNS server software to the latest version.
• Added an option to the General Email configuration to enable/disable TLS encryption on incoming SMTP connections. Previously, only the client ( outgoing) TLS encryption was affected.
• Increased the performance of the Web Proxy server. Asynchronous disk access is now used, reducing contention.
• Several improvements to the Web Configuration Interface.
• Modified Horde IMAP groupware configuration to send emails to the SMTP network port.

* Fixes *

• During first-time provisioning of the Active Directory Server, the DNS server is now changed to the internal BIND DNS server. Previously, the AD Server would not provision properly.
• Created a new, default, self-signed RSA certificate for the Web Server.
• Many other bugs squashed.

New in Version 12.1.6-ADS [ Jan 29 2016]
========================================

* New Features and Improvements *

• Security – Installed RSA certificates for the IMAP and POP email servers.
• Security – Updated the SASL authentication libraries to the latest version.
• IPSec – Added a connection monitor for IPSec connections. If a ping to a remote IP address fails, then, the IPSec SA is restarted for that connection.
• IPSec – New program and kernel module installed.
• IPSec – Allow insecure DH group 1 and single DES for some Vigor routers and others.
• Web proxy – Updated the server software and re-configured it to speed-up traffic flow.
• Mail Server – Allow the Igaware mail server to transmit data to SMTP relay servers in 7 bit mode.

* Fixes *

• Local Master Browser tick box for standalone file server server – the setting wasn’t saved.
• Networking – Interface script fixed. This now calls ipsec restart correctly. Previously ipsec down was not called and blocked the shutdown of the ppp device.
• Email server – Force file ownership permissions for the SMFS recipient verification server.
• Email Server – Relaying of unlnown local users to an SMTP server was not working correctly when the server was specified with a domain name.
• Fixed several bugs in the Web configuration interface.

New in Version 12.1.5-ADS [ Jan 11 2016]
========================================

* New Features and Improvements *

• Security – Plain text passwords (LOGIN/PLAIN auth mech) are disabled for eMail server SMTP authentication.
• Web Interface – Added an option to allow LOGIN/PLAIN clear-text passwords for SMTP authentication.
• Security – Added X-FRAME-OPTIONS to Web server response headers.
• Security – Prevent possiblity of XSS ( cross-site scripting) in Web
  configuration interface.

— New in Version 12.1.2-ADS [ Dec 22 2015]
========================================

• Anti-Spam – added some rules to get rid of current invoice spam.
• Securtiy – Added CRAM authentication for IMAP – cram-md5.pwd
• Security – Installed RSA certs for IMAP server. This allows secure TLS connections.
• Security – Added an option to block email that contains Microsoft OLE documents with Macros to the Anti-Virus page – off by default.
• Security – Secured incoming IMAP and POP3 connections with CRAM encryption during login and TLS for the connection.
• Security – Secured incoming IMAP and POP3 connections with TLS encryption.
• Many other small improvements.

* Fixes *

• Backup – When mounting a cifs share as a backup destination, the username is tried both with and without the workgroup name. Newer kernel require the WORKGROUP/user format.
• Routing – Fixed some routing tables that had multiple rule entries – table-iproute now deletes a rule before adding it again.
• Backup – Exclude the $RECYCLE.BIN folder when backuping up ISCSI sources.
• Networking – Allow DH group 1 for IPSEC VPN.
• DHCP Server – Set the zone domain properly from the correct LAN domain, if we are using the BIND DNS Server.
• Web Interface – Don’t cache the image of the Email Traffic graph, so that the new one displays correctly.

New in Version 11.0.2 [Wed Sep 23 2015] =========================================
* New Features and Improvements *

• Added hard-coded DNS SRV records to BIND named zone file.
• Updated System Health for named daemon ( in dnrd)
• Updated mysqluner.pl – MailScanner
• Added a list of ip route tables ( eth1, etc) to Status , network routes page.
• Changed ref to Zarafa Outlook client download.
• Modified my.cnf file creation – now merges local file
• Modified Zarafa server.cfg file creation – now merges local file
• Changing the nameservers now reloads and clears cache for dnsmasq
• mysql and my.cnf now uses innodb plugin
• Changed min attachment size to 0 in Mailscanner*.template
• Added IgawareKAM to rsync schedule to xfer KAM.cf

* Fixes *

• Changed hosts file – replace host spaces with –
• Added drop user ”@’localhost’; to mysql_create.sql
• FIXED openvpn.Could not ping local LAN or 10.8.0.1. learn-address script needed #!/bin/sh
• FIXED dirvish when the share name has spaces ( put quotes in)
• Fixed long running problem. When interface goes ( or is brought) down ( e.g ifdown), then, any routes in tables ( ip route list table eth1) are removed ( by kernel, cause the interface has gone) and NOT replaced. Changed ifup-post to call /var/igaware/network-scripts/table-iproute all up, instead of just for DEVICE
• Fixed LAN config – problems with fields were not reported as window closed.
• Fixed the add new filename content page for email filtering
• Fixed global_access in rsyncit.sh – do it all the time
• Fixed perconda backup when 7days set.
• Fixed report export
• Fixed OLD http report page

New in Version 11.0.1-1 [Tue Aug 11 2015]
=========================================

* New Features and Improvements *

• The Zarafa database is now backed up using Perconda xtrabackup. It’s much faster to backup and restore and uses less resourses.
• Installed new PHP libraries
• Installed new Perl libraries
• Installed new Python libraries
• Installed new Zlib compression libraries.
• Updated the OpenSSL security libraries.
• Modified the Zarafa Users page to allow the free-form entry of the default email name.
• Added several new network commands.
• Created a script to block all access to Facebook IP’s. This is not enabled by default.
• Updated the file command to identify more signatures.
• Installed fail2ban to block remote access from script kiddies.
• Increased max_input_vars in php.ini
• sysctl – vm.vfs_cache_pressure to 3000
• Zarafa – re-linked the server with tmalloc ( gperftools) to increase memory
  performance.
• Added a “folder list” tab for the Zarafa user information dialog popup.
• Separated the mail server daemons for LAN and WAN. This gives increased control over mail delivery.
• Added the system uptime & kernel version to checkin page.

* Fixes *

• System health – fixed the check for winbindd – too many files.
• Fixed link to submit.cf
• Reordered the r8169 ethernet driver to be first loaded above r8168 & r8101.
• Fixed a problem with squidGuard going to emergency mode – removed spaces.
• Fixed a problem with the backup when the Fileserver Shadow Copy feature is enabled.
• Fixed a rare problem with the Web Activity hours report.
• Fixed a problem with the hosts file and LAN2
• Fixed a problem with the SQL server shutdown script.

New in Version 11.0.0-3 [Fri July 03 2015]
========================================

* New Features and Improvements *

• Updated the Internet Speed test code.
• Changed dpd timeout and delay for IPSec
• Updated the Mail Server M4 configuration files. They were out of date.
• Notices regarding detected Email Virii are now not passed on to the recipient.
• Added security to stop brute force attack against any open SSH server.
• Increased the Anti-Spam score for Pyzor and Razor detections.

* Fixes *

•  Fixed a problem with the Fileserver “shadow copy” initialisation.
• The backup was taking too long after a change to the catalogue file generation. Fixed.
• Fixed a problem with the Zarafa server out of office notification for recent installations.