Version 5.10.12
General
This document contains important information regarding changes and new features in F-Secure Internet Gatekeeper. We strongly recommend that you read the entire document.
What’s in this file
- System Requirements
- Product Contents
- New Features
- Known Issues
- Installation
- Contact Information and Feedback
- F-Secure License terms
- Third party software used in the product
System requirements
To use F-Secure Internet Gatekeeper 5.10 on a computer, the computer must:
- Be x86 compatible (2Ghz or faster recommended)
- Have at least 512 MB of RAM (1 GB or more recommended)
- Have at least 5 GB of free disk space (20 GB recommended)
- Installed files need at least 1 GB of free disk space and running system needs significantly more for temporary files, logs, etc.
- Have one of the following Linux distributions installed:
- 32-bit:
- CentOS 5.10, 6.4, 6.5
- Debian 7.4
- Red Hat Enterprise Linux 5.10, 6.4, 6.5
- Ubuntu 12.04.4
- 64-bit:
- CentOS 5.10, 6.4, 6.5
- Debian 7.4
- Red Hat Enterprise Linux 5.10, 6.4, 6.5
- Ubuntu 12.04.4
- 32-bit:
- The following software must be available in the operating system:
- Linux kernel 2.6 or later
- Perl 5.8 or later
- Make
- 32-bit C and C++ runtime environment. Consult your OS documentation for installing the compatibility libraries in 64-bit environment:
- glibc
- libstdc++
- libgcc1
- Support for any other and/or newer Linux distributions will be announced in future releases and/or on our web site.
For up-to-date information about supported platforms, please see our Knowledge Base:
http://www.f-secure.com/en_EMEA/support/business/
Product contents
F-Secure Internet Gatekeeper is a gateway product that acts as a virus scanning proxy for HTTP, SMTP, POP, and FTP protocols.
The product uses F-Secure’s scanning technologies to scan for malware. They provide outstanding protection level and fast, automatic updates to the scanning engines and anti-virus databases. With F-Secure’s Real-Time Protection Network, the product can react to new threats rapidly, which keeps the users protected and enhances the protection even further.
The product can be integrated with third-party HTTP proxies with the standard ICAP protocol. The content that is submitted to the ICAP service is scanned with F-Secure’s malware scanning technologies.
New features
This release contains the following new features, bug fixes and other changes that have been added since the 5.00.5 release.
- ICAP service supports scanning emails for malware and spam.
- A new and improved web user interface has been added.
- A new quick start guide has been added for easy installation and usage instructions.
- Fixed CTS-82476: fsaua now restarts automatically when user changes the virus database download proxy settings from the web user interface.
- Fixed CTS-84901: FmLib library version is not visible in the web user interface.
- Fixed CTS-86302: Added documentation for configuring the HTTP proxy for anti-spam daemon (fsasd) in the administrator guide.
- Fixed CTS-91777: Fixed detecting malicious javascript and html files.
- Fixed CTS-91852: Added missing information for ICAP detections templates in administrator guide.
- Fixed CTS-91867: Improved the documentation for the transparent proxy bridge mode using subnet in the administrator guide.
- Fixed CTS-92431: Improved the detection rate for policy-based blocking for javascripts and ActiveX scripts.
- Fixed CTS-92216: Fix timeout_inactive for web servers that take more time than keepalive_timeout to start sending the reponse to IGK.
- Fixed CTS-92759: Fixed the log size specification of logconv tool in the administrator guide.
- Fixed CTS-92797: Fixed information for the scanning daemon (fsavd) process management in the administrator guide.
- Fixed CTS-92814: Parsing a very large email header can lead to a false detection or other unexpected result.
- Fixed CTS-92861: IGK fails to detect too long HTTP request URL.
- Fixed CTS-93579: Fixed information about connection error messages in the administrator guide.
- Fixed CTS-94390: Added missing system requirements and dependencies in the IGK release notes.
- Fixed CTS-94834: Added information about orsp_file_check for the HTTP proxy in the administrator guide.
This release contains the following new features, bugfixes and other changes that have been added since the 4.10.17 release.
- Support for F-Secure Real-Time Protection Network has been added to the HTTP proxy. When enabled, common files are identified by rapidly updating black and white lists. This saves system resources and improves protection.
- The malware scanning capabilities are now available by a standard ICAP interface. This enables integration with third party proxies that support ICAP.
- The list of supported distributions was reworked to focus on the most popular, current and actively supported distributions.
- Removed dependency to Java, which is a common source of security vulnerabilities. The Java runtime environment is no longer distributed with the product. As a consequence, this release does not contain a web UI, but is also significantly smaller and lighter. The configuration is done by editing the configuration files directly.
- Improved quality of RPM packages.
- Improved the output from IGK init scripts.
- Fixed CTS-91383: Added an option to control whether to transparently re-establish keepalive upstream HTTP connections.
If you are upgrading from a version that is earlier than 4.10.17 ,4.11.8 or 4.12.5, see the release notes of version 4.12.5 for the list of earlier changes.
Known issues
- Upgrading from any 2.X or 3.X version is not supported. Uninstall the old version completely before installing F-Secure Internet Gatekeeper 5.0.
- Upgrading from the 4.X Japanese version of the product (virusgw) to the international version (fsigk) is not supported. Follow the instructions in the administrator guide of the product to migrate settings from the old (virusgw) installation to a F-Secure Internet Gatekeeper 5.10 (fsigk) installation.
Please see our Knowledge Base for up-to-date information about known problems and possible workarounds:
http://www.f-secure.com/en_EMEA/support/business/
Installation
The product can be installed from an RPM package, or a tar package.
- RPM installation or upgrade
- First download the rpm package, then run the following command as root user:
# rpm -Uvh fsigk-5.10.12-0.i386.rpm
After the installation, open http://<HOSTNAME>:9012/ with your web browser and use the default username and password to log in and configure the product. See the quick start guide for information on how to configure the product with the web user interface. - Installing using a tar package
- First download the tar package, then run the following commands as root user:
# tar zxf fsigk-5.10.12.tar.gz
# cd fsigk-5.10.12
# make install
After the installation, open http://<HOSTNAME>:9012/ with your web browser and use the default username and password to log in and configure the product. See the quick start guide for information on how to configure the product with the web user interface.
Contact information and feedback
To provide feedback or report problems, please see:
Please make sure that you tell the product version and Linux distribution you are using when contacting us.
F-Secure license terms
F-Secure license terms are available here:
http://www.f-secure.com/en/web/home_global/license-terms/
You must read and accept them before you can install and use the software.
Copyright (c) F-Secure Corporation. All rights reserved.
Third party software used in the product
Commtouch 7.03.0049
Copyright (C) 1991-2010 Commtouch Software, Ltd. www.commtouch.com
Berkeley DB 1.85
Copyright (c) 1991, 1993, 1994 The Regents of the University of California. All rights reserved.
[http://www.oracle.com/technetwork/database/database-technologies/berkeleydb/overview/index.html]
JSON-C 0.9
Copyright (c) 2009-2012 Eric Haszlakiewicz
Copyright (c) 2004, 2005 Metaparadigm Pte Ltd
[https://github.com/json-c/json-c]
Libevent 2.0.21
Copyright (c) 2000-2007 Niels Provos [[email protected]]
Copyright (c) 2007-2010 Niels Provos and Nick Mathewson
Linux PAM userdb module 1.1.1.1
Copyright (c) Cristian Gafton [[email protected]], 1999. All rights reserved.
libaes 0.03
Copyright (c) 2001, Dr Brian Gladman [[email protected]], Worcester, UK. All rights reserved.
[http://libaes.sourceforge.net/]
MD5 message-digest algorithm
Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
[http://www.ietf.org/rfc/rfc1321.txt]
TCP wrapper utilities 7.6
Copyright 1995 by Wietse Venema.
[ftp://ftp.porcupine.org/pub/security/index.html]
SQlite3 3.8.1
The author disclaims copyright to this source code (Public Domain).
Transparent Proxying patches for Linux kernel 2.6
Copyright (C) 2007-2008 BalaBit IT Ltd.
[http://www.balabit.com/support/community/products/tproxy]
Civetweb 1.4
Copyright (c) 2004-2013 Sergey Lyubka Copyright (c) 2013 No Face Press, LLC (Thomas Davis)
[https://github.com/sunsetbrew/civetweb]