1 Reply Latest reply on Apr 20, 2011 11:43 AM by Regis

    So does VSE87 patch 5 include the mass-mailing exceptions fix?


      I've just read the minty fresh release notes of VSE 8.7p5: 

      https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 23000/PD23040/en_US/Patch5.pdf


      On first pass, I saw no mention of hotfix the mass mailing exceptions issue described in here https://kc.mcafee.com/corporate/index?page=content&id=KB70202    On second pass, though, by searching for the hotfix number, I find 613356 is actually mentioned in the release notes ... but in terms that sound completely unrelated to the issue? 


      The KB70202 title for "the mass mailing hotfix" 613356 is  "VSE 8.7i Patch 4: Port blocking rule to prevent mass mailing worms from sending mail does not honor exclusions over 16 characters long" ... which is surely intuitive.


      But the release notes for patch 5 which mentions the same 6 digit number sure make a person wonder if  these have anything to do with one another:

      "Issue: A Kernel mode drivers should refrain from using more than 1kb of stack space when processing I/O. Generally this is not

      a problem, but when another filter is installed and attempts to filter our driver load attempt, it can then use large amounts of

      stack space as well resulting in a stack overflow and a double fault exception (BSOD). (Reference: 613356)

      Resolution: Updates to the drivers have implemented a change to move stack usage to the heap in these instances."


      It's like a human that's actually used the product may have written the KB but a kernel mode developer who hasn't seen sunlight in a while may have written the release note paragraph?  Or someone made a typo and the mass mailing fix isn't in there at all? 


      So ... does anyone know if  patch 5 addresses  "patch 4 breaks mass mailing protection process exclusions greater than 16 characters long" issue that KB70202 describes and provides a hotfix for?  


      Thanks for any insights!

        • 1. Re: So does VSE87 patch 5 include the mass-mailing exceptions fix?

          Good news:  It looks like the answer is "yes, patch 5 includes the mass mailing exception hotfix"  based on an internal document reviewed by a McAfee VSE support tech I just reached.


          Apprently the Reference: numbers mentioned in release notes aren't one-to-one mappings to hotfix numbers.    The mapping gets fuzzy if a reference fixes a superset of hotfix goodies.


          The mass mailing hotfix issue is mentioned in the release notes under  item 12, but I still  have a beef with this description because the mass mailing exception issue also affected our Windows XPsp3 boxes (unless I have had a colossal lapse of memory--in the area of the company where these mass mailing exception breakages reared their head, there's only XPsp3).   I've bolded the happy news. 


          12.  Issue: Windows Vista made a change to an internal Process Environment Block (PEB) data structure that records the name of a processes' primary executable with the result of making the available length of the process name one character shorter. Access Protection rules with process names over 16 characters are not being properly handled in Windows 7 or later. (Reference: 626033)

          Resolution: Access Protection rules now handle process names greater than 16 characters in length.


          The support tech also gave me a test procedure where I could install patch 5 locally on one box and copy telnet.exe to something greater than 16 characters, set an exception for it and try to telnet out to port 25 on an smtp server with and without the exception in place. 


          Message was edited by: Regis clarified OS on 4/20/11 11:43:51 AM CDT