Endian firewall 2.5.2 community disponível

[aroldobossoni]

Endian firewall 2.5.2 community version now available

After a long time, we are ready to announce the Endian Firewall Community 2.5.2 release.

This release is mainly a bug fixing one.

A list of the main changes and updates to follow:

• Antivirus

ClamAV has been updated to the most recent version to make sure signature updates will continue to work.

• Anti-spyware

Lists are now being provided by PhishTank instead of Malware Domains. This not only results in more sites being recognized correctly but also allows us to show an information page with a link to PhishTank’s description of the malicious website instead of displaying an empty page.

• Hardware support

Support for various hardware devices has been added. This support for USB modems

as well as drivers for network interface cards and hard disk controllers.

You can easily download version 2.5.2 here: http://www.endian.com/en/community/download/

The 2.5.1 version users should follow the instructions received at the registration time via email to update the software.

If you’re using an older version than 2.5.1, try to get the update following the aforementioned instructions. In case of failure, please download the new version and re – install the system.

Enjoy the new Release

Your Endian Team

[aroldobossoni]

Atualizações implementadas:

Release Notes – Version 2.5.2

** New Features

* [UTM-250] – PhishTank as anti-phishing protection

* [CORE-82] – Show signatures update time in the dashboard

* [CORE-477] – Intel drivers for the newest Intel network

interface cards

* [CORE-222] – Support for USB Huawei E173 USB UMTS modem

** Improvements

* [UTM-68] – ClamAV engine update to version 0.97.8

* [CORE-184] – The collectd netlink plugin stores information

that is never used

* [CORE-89] – EMI does not load sqlite anymore

* [CORE-259] – EMI storage is not read/write-safe

* [CORE-63] – In Port forwarding / DNAT the default mode

should be simple instead of advanced

* [UTM-250] – PhishTank lists replace lists from

malwaredomains

* [CORE-285] – Packaged signatures tarball with new PhishTank

signatures instead of those from

malwaredomains

* [CORE-105] – Monit method needs an additional attribute

monitor=False which prevents monitor/unmonitor

command from getting sent to monit

* [CORE-189] – Store collectd RRD files in /tmp and

periodically synchronize to /var

* [CORE-164] – Delete archived log files when free space is

needed

* [CORE-231] – Use collectd graphs instead of squid-graph

* [CORE-206] – Replace makegraphs.pl with collectd graphs

* [UTM-110] – Remove collectd’s ntp RRD files

* [UTM-80] – New version of ntop

* [CORE-240] – Ethernet bonding support

* [UTM-40] – DansGuardian custom *regexp file is not handled

correctly

** Bugs

* [UTM-115] – ClamAV blocks .exe files due to issues in its

DetectBrokenExecutables check

* [UTM-86] – HAVP does not run after an upgrade to 2.5

* [UTM-65] – “Block encrypted archives” flag was doing

exactly the opposite of what had been

configured

* [UTM-63] – Wrong status message in ClamAV page before the

first signature update

* [CORE-132] – The Authentication layer does not start due to

an UTF-8 problem

* [CORE-125] – Authentication job is not started after

finishing the initial wizard

* [CORE-367] – Old backups cannot be downloaded after

migrating to 2.5

* [CORE-288] – USB stick not detected correctly by

efw-backupusb

* [CORE-278] – When cleaning the system USB backups are not

considered

* [CORE-148] – Instead of keeping 3 USB backups when rotating

only 2 are kept

* [CORE-113] – Error creating the cron link for scheduled

automatic backups

* [CORE-220] – More backups than configured are stored

* [CORE-427] – Deadlock during the reading/writing of

SettingFiles

* [CORE-264] – Logout button does not work for all browsers

* [CORE-236] – After an update efw-shell does not display

correctly the new/updated commands”

* [CORE-122] – In policy routing rules only CS0 Type of

Service can be selected

* [CORE-107] – Dnsmasq sometimes fails to restart which causes

monit to use a huge amount of resources

* [CORE-88] – Backup uplinks do not work if they are Ethernet

uplinks

* [CORE-497] – Collectd does not start on boot with new

version of monit

* [CORE-211] – Dependency to efw-httpd is missing

* [COMMUNITY-15] – RPM triggers interrupt update process

* [CORE-451] – GUI port is hardcoded for redirection

* [CORE-268] – Reboot required not shown after kernel upgrade

* [CORE-482] – emicommand hangs because of curl blocking

* [CORE-137] – YAML storage raises an exception when trying to

load a valid YAML file that contains a list

instead of a dictionary

* [CORE-369] – Interzone firewall rules are not created after

migration to 2.5

* [CORE-119] – When switching from advanced to simple mode

editing destination NAT rules the filter policy

is changed to ALLOW

* [CORE-118] – Target port of Destination NAT is not disabled

when the incoming protocol is “Any”

* [CORE-115] – Incoming Service/Port field of Port forwarding/

Destination NAT is editable, even if Service

and Protocol are both set to “Any”

* [CORE-106] – The bridges job status is wrong, “restart”

instead of “start”

* [CORE-335] – jobcontrol hangs when sync restarting jobs

* [CORE-326] – Jobengine exception during update

* [CORE-257] – Jobs are unnecessarily restarted multiple times

* [CORE-248] – Jobsengine memory leak when OpenVPN client

connects

* [CORE-131] – The efw-shell command “job” does not work due

to a syntax error

* [CORE-124] – AnaCronJob uses Job.start which sets force=True

even if not needed

* [CORE-123] – DownloadJob uses Job.start which sets

force=True even if not needed

* [CORE-120] – Timestamping signatures are recreated although

force is not set to true in CrawlerJob

* [CORE-321] – After migration from 2.4 to 2.5 RAID controller

mptsas is not working anymore

* [CORE-303] – Intel Network driver igb not supported for Quad

Intel 82580 Gigabit Network

* [CORE-190] – Enable FUSION_SAS driver

* [CORE-332] – twistd.log are not compressed and rotated in /

* [CORE-247] – Logrotate not run under various circumstances

* [CORE-87] – ntop UI is not accessible

* [CORE-251] – Logrotate configuration file is removed when

logrotate package is upgraded after efw-syslog

* [CORE-203] – purge-log-archives script fails under special

circumstances

* [UTM-414] – ntop segfault in libc-2.3.4.so/libntop-4.1.0.so

* [UTM-244] – ntop crashes if it is asked to monitor a

interface that is down

* [CORE-343] – VLAN configuration problem

* [CORE-174] – Local routes are missing in ip rule so user

defined rules always overrule local routes

* [CORE-86] – Policy Routing rules are not applied

* [CORE-80] – Upgrade of stripped RPM packages destroys

configuration files

* [UTM-378] – Double efw-dnsmasq packages after upgrade

* [UTM-338] – When updating efw-dnsmasq the httpd

configuration file is removed

* [UTM-322] – Anti-spyware signatures last update date is

inconsistent

* [UTM-320] – DNS black- and whitelists are ignored until the

cron job runs

* [UTM-317] – DNS anti-spyware blacklist is not working

* [UTM-316] – Black- and whitelisted domains are not erased

after saving settings

* [UTM-88] – Unable to download malwaredomains information

* [UTM-181] – Proxy PAC is not applied

* [UTM-93] – Denial of service triggered by access to the

proxy port

* [UTM-90] – DansGuardian blacklists and phraselists are

missing after an upgrade to 2.5

* [UTM-87] – DansGuardian blacklists and phraselists cannot

be downloaded

* [UTM-55] – Clamd is not started before HAVP

* [UTM-194] – HTTP proxy configuration ignores rules under

certain circumstances

* [UTM-81] – IMAP authentication fails if username contains

a @domain part.

* [CORE-219] – TOS/DSCP option breaks Quality of Service

* [UTM-119] – Snort is restarted twice during boot time

* [CORE-138] – System uptime is shown incorrectly

* [CORE-396] – Migration not called after upgrade to 2.5 due

to collectd

* [CORE-159] – Certain migration scripts are not executed

* [CORE-129] – Migration framework causes tracebacks if an RPM

package has an epoch set and a migration script

for it exists

* [UTM-108] – OpenVPN client calls missing “remove_rules”

method which is not controlled by jobengine and

uses a deprecated function

* [UTM-95] – Selecting GREEN in IPsec GUI corrupts IPsec

configuration file

* [UTM-230] – OpenVPN job fails to create user configuration

files if the push orange or push blue options

are enabled

* [UTM-97] – OpenVPN process cannot remove temporary files

because of wrong file owner

* [CORE-221] – OpenVPN client TUN device configuration is

broken

* [UTM-200] – Route to subnet behind OpenVPN gateway-to-

gateway user is set with wrong gateway IP

address if the user has a static IP assigned

[Autor]

Posts