CompanyCRYPT Maintenance Pack

Contents

This document contains the following topics:

Maintenance Pack description
Prerequisites
Installing the Maintenance Pack
Removing the Maintenance Pack
Files included in this Maintenance Pack

Contact Information:

We are constantly reviewing our products. You can obtain product patches, information about our other products, and details for contacting us on our Web site: http://www.companycrypt.com

Maintenance Pack description

This Maintenance Pack will improve your CompanyCRYPT to build level 495. It includes all previous HotFixes since the release of the initial v1.3.0 (Build 479)

This maintenance pack mainly focuses on fixing problems that have been discovered after the release of the previous Maintenance Pack:

Site-to-Site links disappear
After re-initialisation during an update or during synchronisation (on the slave system) each time the last site-to-site link disappeared. On slave systems this effect was even worse, leading to an empty list within minutes. This was caused by a missing final marker, by which the last entry was dropped each time. This has been fixed,
S/MIME - Details of (private) certificate not displayed
When importing certificates from a P12 file (private S/MIME key), clicking on the [+] button (more details) didn't work with some spezial characters in the passphrase. Instead the passphrase had to be re-entered. This has been fixed; full details of the certificate are now being displayed prior to import.
PGP - German 'Umlaute' in name or comment not properly displayed
CompanyCRYPT prevents the usage of non-printable characters in name or comment, when generating a PGP key. However it is possible to import PGP keys generated on a different system. Although there is only a guideline that describes how to encode those characters, it seems most system tend to use UTF-8. In order to avoid the name of a user being displayed awkwardly, those characters are translated to iso-8859-1 for now until a more thorough mechanism is implemented.
Certificates without eMail address not extracted CA-certificates
Previously, certificates without an email address were not extracted, since they are not usable for eMail encryption. However a large amount of CA certificates are build with exactly this property. Since CompanyCRYPT uses these CA certificates, even the ones without eMail address are extracted now, as long as they appear to be usable as a trusted issuer.
Note:
In this version CompanyCRYPT does not yet extract, whole certificate chains. This feature will probably be implemented in the next Maintenance Pack.
Empty MIKE sending address
When CompanyCRYPT was configured to use the 'key-owner' address as the sender, an empty address was used instead. This has been fixed. Also when sending keys from the WebGUI, the MIKE settings apply to those eMails.

General benefits, added features und new functions provided by the previous Maintenance Pack (489):

Improved MIKE address configuration
- Now there are more choices to select from which address key replies are send from. Until now they have always been send from the key owner address. This was the first choice to have sender address and signing key address consistent (on S/MIME replies). Since certificates are detected by the MIMEsweeper as binary, this may collide with outgoing company policies. Now you can alternatively select a fixed address or simply the address that the initial email request was addressed to (usually set within the MIMEsweeper policies).
- An parameter has been added to select a different local hostname, when sending keys to an alternative host. This for example is useful, if this host is located at a provider site, and does a reverse hostname lookup validation. To match the DNS-MX-record you can now select this name to be used during SMTP protocol.
- Also the in WebGUI, the MIKE tab has been restructured to keep configuration more transparent.
Decrypt Summary - Title now customizable
- As we pay tribute to the needs of customers, the decrypt summary title line is now customizable to prevent the unwanted disclosure of the products in use. In the future there will also be templates that especially improve the HTML view of the decrypt summary.
Trace log view added
- Similar to the reprocess log and the operational log a trace log view has been added and can be found in the WebGUI under System - Tracelog.
Log history can now be parsed
- The current view of the operational, reprocess and trace log have been improved to give access to the previous logs. This way you can now parse the full history of logs via the WebGUI.
Under the hood
- In preparation of future improvements (database options) the configuration processing has been remodeled. This has already lead to an increase in stability and even in speed to some degree.

Problems fixed by the previous Maintenance Pack (489):

Sending keys via WebGUI
There has been a unfortunate bug where the FROM command during SMTP protocol was closed incorrectly. Instead of a CRLF only a LF was provided. Although this works without problem with a local MIMEsweeper, it does stall the sending process to most other hosts and sometimes even a remote MIMEsweeper, making the problem somewhat intermittent. With this maintenance pack, all SMTP commands are now properly closed.
S/MIME - Opaque signing
During testing, we discovered an initialization bug that resulted in some unsupported S/MIME mail structures. This has been fixed.

Problems fixed by the previous HotFix (483), included in this package:

Reprocess service - Problems with Delivery Notifications
During SMTP protocol the reprocess service in Build 479 (Executable v1.2.3) unfortunately skips the 'mail from' command on upon empty or omitted sender fields. This of course is the default condition for delivery notifications. Due to the missing command, the MIMEsweeper receiver service will not accept such messages, causing multiple fail entries. This issue is solved by this Maintenance Pack.

Prerequisites

Install this Maintenance Pack on the following versions of CompanyCRYPT only:

CompanyCRYPT v1.3.0 (Build 479) or higher

The account on which this Maintenance Pack is executed requires:

Read/Write/Change access to the entire CompanyCRYPT installation folder.
Start/Stop permission for the 'CompanyCRYPT Reprocessing Service', the 'CompanyCRYPT Operational Service' and the 'MIMEsweeper for SMTP Security service'.

Warning:

Before installing this Maintenance Pack, ensure that you have one of the prerequisite versions of the product listed above on your system.

Installing the Maintenance Pack v1.3.0 (Build 495)

Before installing this CompanyCRYPT Maintenance Pack, ensure that you have read the Prerequisites section of this ReadMe.

Important:

This Maintenance Pack must be installed on all PS.

Important:

Do not start this Maintenance Pack from a network share.

Note:

The following services are stopped before and automatically started after installation

'MIMEsweeper for SMTP Security Service'
'CompanyCRYPT Operational Service'
'CompanyCRYPT Reprocessing Service'

If the services cannot be stopped by the update executable within 20 seconds, please stop the reported service(s) manually and start Maintenance Pack again.

Note:

This update program does not (yet) display a progress bar. Therefore you will not see any response on the screen, while the services are stopped/started. We ask for your patience during this step that may last up to 20 seconds. The update of files itself only takes about 5 seconds.
RECOMMENDATION: Stop and restart the MIMEsweeper security service manually.

To install this CompanyCRYPT Maintenance Pack, follow the instructions below.

Strongly recommended: Copy of CompanyCRYPT folder
Due to the little effort, the best rollback option is a simple filecopy of the complete CompanyCRYPT folder. This step does not require any services to be stopped.
Execute 'CompanyCRYPT_v130_495_MaintenancePack.exe'
After verifying its integrity it will attempt to stop relevant services that are still active. Then the affected files are replaced. Finally the services that had been stopped (only those) will be restarted afterwards.
IMPORTANT: Start either Console or WebGUI
With this step some initialisation is performed. You can verify the new binary versions on the 'Info' tab with the ones listed below.
Recommended: Check services
It is advisable to confirm the operational status of the services mentioned above.

Removing the Maintenance Pack v1.3.0 (Build 495)

If you experience problems after installing this CompanyCRYPT Maintenance Pack, you can remove it.

To remove this Maintenance Pack, follow the instructions below.
All files and folders changed or removed during the update process are stored in this folder:

[CompanyCRYPT installation folder]\_Previous_Version\Before_v1.3.0_495.

In this folder you will find a file with the name Changelog.txt.

This file contains the protocol of all changes made during the installation of the Maintenance Pack. By reversing all steps listed there using the saved files in ...\_Previous_Version\Before_v1.3.0_495 you can undo all changes.

Important Note:

During a manual rollback the following services need to be stopped:

'CompanyCRYPT Reprocessing Service'
'CompanyCRYPT Operational Service'
'MIMEsweeper for SMTP Security service'

Files included in this Maintenance Pack

The table below shows the files contained in this Maintenance Pack, listing their latest current version number.

CompanyCRYPT program file	Version	Action
`Ccrypt.exe`	1.7.7	Replace
`Index.exe`	1.8.7	Replace
`CC-Console.exe`	1.4.5	Replace
`CC-Operate.exe`	1.2.4	Replace
`CC-Reprocess.exe`	1.2.6	Replace
`CompanyCRYPT.ico`	n/a	Add