• Support for Microsoft Windows 2008.
• Fix for the following problem: The Sophos PureMessage Scanner service (PMScanner.exe) may terminate unexpectedly or hang while performing content (phrase) scanning within rich text (RTF) or PDF files. As a result, messages may get stuck in the queue and spam rule updates may not complete.
• Fix for the following problem: On Exchange 2007, the process EdgeTransport.exe may terminate unexpectedly when PureMessage tries to replace the rich text body of certain TNEF-encoded messages with plain text.
• Fix for the following problem: On a PureMessage installation that supports both anti-virus and anti-spam, PureMessage sometimes fails to create (or invoke) the scan engines (spam, virus or content scanning engines) when under heavy load.
• Fix for the following problem: On a clustered installation, during startup the cluster service appears to hang but eventually starts up after a delay.
• Fix for the following problem: On a passive node in a clustered installation, there may be several event log entries stating that the Sophos PureMessage service failed to start.
• Fix for the following problem: PureMessage reports a malformed embedded message error while processing .MHT or .EML attachments.
• Fix for the following problem: On Exchange 2007, bounce (NDR) messages may not get generated for mail sent to non-existent recipients.
• Fix for the following problem: End-user quarantine web page sometimes becomes inaccessible.
• Fix for the following problem: When installing on an Exchange 2007 cluster, the installer requires that a Microsoft Distributed Transaction Coordinator (MSDTC) resource be present on the cluster.
• Fix for the following problem: Some emails with large attachments do not arrive and PureMessage reports a failure to replace trigger message in the logs.
• Fix for the following problem: PureMessage logs Error code 0x80004005 in transport post categorization sink while processing certain messages.
• Fix for the following problem: On Exchange 2007, when multiple policies are applied to a message, a changed message may be forwarded without an envelope address for the sender. An SMTP server further downstream may reject such messages causing delivery failures.

• If you have Adobe Acrobat installed on the PureMessage server, ensure that you are using Adobe Acrobat version 7.1.0. If you are using a different version then please uninstall Adobe Acrobat and install version 7.1.0 from http://www.adobe.com/ before upgrading or installing PureMessage.

  This is because certain versions of Adobe Acrobat (such as 8.0, 8.1, 8.1.1 and 8.1.2), when installed with PureMessage server, can cause the Sophos PureMessage scanner service (PMScanner.exe) to terminate unexpectedly or hang. To minimize the risk of encountering the problems with Adobe Acrobat, content scanning inside PDF files has been disabled by default for new installations. Please contact Sophos technical support if you require PDF content scanning to be enabled.

• On Exchange 2007 SP1, PureMessage does not add disclaimers to outbound messages sent from Outlook Web Acccess or Outlook (configured to send messages in Exchange mode using MAPI). As a workaround you can configure Exchange 2007 itself to add disclaimers to outbound messages.
• On Microsoft Windows 2003 with SP2, if the Security Configuration Wizard (SCW) is installed, then the installer fails to register a PureMessage knowledge base with SCW. The installer displays an error message and continues. If you use SCW to harden your system then contact Sophos technical support for information on how to perform this operation manually.
• If you install PureMessage on a computer in a workgroup, you cannot use a Microsoft SQL Server database located on a different computer (that is, a remote database). You can specify a remote database during installation, but PureMessage does not set the necessary access rights. In this case, please contact Sophos technical support for a workaround.
• During installation, you can specify the Microsoft SQL Server you want to use. If you click Browse to browse to the server, the browser window may not list the Microsoft SQL Server database instance that you wish to select. In this case, type the database name into the text box provided, in the format MACHINENAME\INSTANCENAME, e.g.

  MYDBSERVER\SOPHOS

• During installation, when you specify the Microsoft SQL Server, the installer may fail to connect to the chosen Microsoft SQL Server database instance. In this case, you should:
  
  • Ensure that the Microsoft SQL Server computer is in the same domain as the current machine.
  • Ensure that the instance name is correct.
  • If you are using a Microsoft SQL Server 2005 database located on a different computer (a remote database), use the Microsoft SQL Server Configuration Manager to enable the TCP/IP protocol for the database instance and start the SQL Server Browser service.

• The installer may fail with an error Setup was unable to create the PureMessage databases.

  This can happen if, in the past, you have uninstalled the SOPHOS database instance from Microsoft SQL Server or uninstalled Microsoft SQL Server itself. In this case, delete the following files from the MS_SQL_INSTALL_FOLDER\MSSQL.X\MSSQL\Data folder.

  
  
  • SavexCnfg.mdf
  • SavexCnfg_log.ldf
  • SavexDir.mdf
  • SavexDir_log.ldf
  • SavexQuar.mdf
  • SavexQuar_log.ldf
  • SavexRprt.mdf
  • SavexRprt_log.ldf

• When using a database on a different computer (that is, a remote database or virtual Microsoft SQL Server instance on the same cluster but a different node) the PureMessage service may sometimes fail to connect to the database because Windows authentication has failed.

  Possible reasons are:

  
  
  • The DNS is not correctly set up.
  • The time is not synchronized on the two computers.
  • The ServicePrincipalName property in Active Directory is missing the entry for that Microsoft SQL Server instance. (This may happen if Microsoft SQL Server was installed using a local administrator account without rights to write to the Active Directory.)

  Contact Sophos technical support for more help to identify the problem, or to use SQL Server authentication instead of Windows authentication.

• Tags added to email subject lines (if you set up Email tagging) may be displayed as question marks.

  This occurs when all the following conditions apply:

  
  
  • The subject tag contains extended characters, such as Japanese text.
  • The message is encoded in TNEF, which requires that it is sent from a MAPI mail client and is internal to the organization.
  • The message is encoded using a character set that doesn't support characters specified in the subject tag.
  • The message is viewed with a mail client that uses the multi-byte subject property rather than the wide-character subject property.

  For messages sent from Outlook Web Access with Exchange 2003, the issue can be resolved by modifying the registry value UseRegionalCharset in key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA to zero. See http://support.microsoft.com/kb/830827 for details.

• The installation program will restart IIS and Microsoft Exchange services (if present) during the installation. Under certain circumstances it may also require the computer to be restarted.
• PureMessage spam rules are updated every five minutes from Sophos with small update packages. It is recommended that this updating frequency is not changed, for optimal spam capture rate and optimal bandwidth utilization.
• When you install PureMessage, Sophos Anti-Virus is also installed (if not already present) and on-access virus scanning starts automatically. However, PureMessage excludes certain Microsoft Exchange and IIS folders from virus scanning as recommended by Microsoft. When PureMessage is uninstalled these exclusions are not removed. For more information about the folders that are excluded, see http://www.sophos.com/support/knowledgebase/article/12214.html.

  The \Temp folder under the PureMessage installation folder is also automatically excluded from virus scanning. However, when PureMessage is uninstalled this exclusion setting will be removed from Sophos Anti-Virus.

• You cannot upgrade a version of PureMessage that includes both anti-virus and anti-spam support to a version that includes only anti-virus support.
• If the Windows 2003 Security Configuration Wizard (SCW) is detected on your system, then the installer will register a PureMessage knowledge base and start SCW when installation has completed. If you use SCW to harden your system, then you should run the wizard once the PureMessage installation has completed, and check the PureMessage option to allow access via the firewall. This will create an appropriate policy for you to apply.

• During installation, you may notice a few errors in the Event log as described below.

  These errors are reported when PureMessage installer attempts to detect the presence of Visual C++ redistributables. These errors can be ignored safely.

  Source	Event ID	Description
  SideBySide	59	Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{A4D87BE1-AFC4-461B-A66C-AFA239935F57}\VCRedist64Test.dll. Reference error message: The referenced assembly is not installed on your system.
  SideBySide	59	Resolve Partial Assembly failed for Microsoft VC80.CRT. Reference error message: The referenced assembly is not installed on your system.
  SideBySide	32	Dependant Assembly Microsoft VC80.CRT could not be found and last error was The referenced assembly is not installed on your system.

• During installation on a cluster, you may notice a few errors in the event log as described below.

  These errors are reported because the PureMessage cluster resource DLL is not present on all nodes during installation. After PureMessage is installed on all nodes, these errors will no longer be reported. These errors can be ignored safely.

  Source	Event ID	Description
  ClusSvc	1058	The Cluster Resource Monitor could not load the DLL PmClustResTypeXXXX.dll for the resource type PureMessage service X.X.X.X.

• On Windows 2008, you may notice warnings in the event log from the Microsoft Defender Real-Time Protection agent as described below.

  Please choose to allow Sophos applications.

  Description:
  
  Windows Defender Real-Time Protection agent has detected changes. 
  Microsoft recommends you analyze the software that made these changes
  for potential risks. You can use information about how these programs
  operate to choose whether to allow them to run or remove them from 
  your computer. Allow changes only if you trust the program or the 
  software publisher. Windows Defender can't undo changes that you 
  allow.
  
  For more information please see the following:
  
  Path Found:
  file:C:\Windows\tasks\Sophos-PureMessage-StoreMonitorHealthCheckTask.job;
  file:C:\Program Files\Sophos\PureMessage\bin\FireJob.exe;
  taskscheduler:C:\Windows\tasks\Sophos-PureMessage-StoreMonitorHealthCheckTask.job
  
  Alert Type: Unclassified software
  

• The default action in the case of an application error is Deliver message. Sophos strongly recommends that this action is not changed.
• PureMessage does not support multiple administration consoles running simultaneously on the same machine or multiple administration consoles connecting to the same server at the same time.

• Files left behind after the uninstallation of PureMessage:

  The quarantine directory INSTALLDIR\Quarantine is left behind on the server. This enables you to retain quarantined items during uninstallation and reinstallation of PureMessage. If you no longer need the quarantined items, delete this directory.

  On a cluster, the Quarantine folder can be found on the shared drive under SHAREDDRIVE\Sophos\PureMessage\Quarantine.

  The logs directory INSTALLDIR\Logs is left behind on the server. If you no longer need the log files, delete this directory.

  On a cluster, the Logs folder can be found on the shared drive under SHAREDDRIVE\Sophos\PureMessage\Logs.

  The file PMClustResTypeXXXX.dll is left behind in the C:\WINDOWS\system32\ folder. This is the PureMessage cluster resource DLL that can be deleted from all nodes in a cluster after PureMessage is uninstalled from all the nodes.

  On a cluster, the following folders are left behind on the shared drive:

  SHAREDDRIVE\Sophos\PureMessage\Config
  SHAREDDRIVE\Sophos\PureMessage\ReportsPending
  

  These folders can be deleted after uninstalling PureMessage from all nodes.

• Exchange 2007 deployed in an edge role has an attachment filter agent, which filters mail at the protocol level. As a result, some viruses are removed, and some attachments replaced before PureMessage gets to scan the email. For this reason, the Dashboard and Activity Monitor may display a lower level of unauthorized traffic for a server providing protection at the network perimeter than for other servers.
• Since version 3.0.2, PureMessage installs its transport agent at a higher priority than the Exchange 2007 transport agents. As a result, any Exchange 2007 rule that handles routed messages will be processed after PureMessage.

For technical support, visit http://www.sophos.com/support.

If you contact technical support, provide as much information as possible, including the following:

• Sophos software version number(s)
• Mail server or gateway details
• Operating system(s) and patch level(s)
• The exact text of any error messages

Copyright © 2008 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.