Data sources and objects capture
EtherSensor EtherCAP service:
[*]The Packet Sniffer SDK traffic capture library was updated: TCP connection reconstruction performance is now higher.
[*]The POP3 parser was improved:
  Support was added for the AUTH extension with a multipage response.
  The situation when Login and Password are not provided is now handled correctly.
[+]IMAP4 protocol parser was added.
[+]Protocol parsers were added for NMDC and ADC (DC++).
[+]TORRENT protocol detector for TCP connections was added.
[+]SSL protocol detector was improved (support was added for TLS 1.1 and TLS 1.2).
[-]An error was fixed in the SSL protocol detector which sometimes resulted in minor memory leaks.
[-]An error was fixed in calculation of sessions closed by timeout.
[-]An error was fixed in PCAP file processing: "hard" session reset after the end of PCAP file processing was removed; connections are now closed by timeout.
EtherSensor ICAP service:
[-]An error was fixed with X-Sensor-Icap-Authenticated-User and X-Sensor-Icap-Authenticated-Group header transcoding.
[-]An error was fixed in passing requests to the analysis service: in rare cases requests were not passed on for further processing.
Captured objects analysis:
[*]Recognition validity and processing efficiency in the !generic detector are now higher.
[*]Recognition validity for file uploading (downloading) in the !file-upload detector is now higher. URL-based file name generation (when the HTTP query contains no explicit file name) was made more logical.
[+]The following detectors were updated: blogger.com, cv (careerist.ru, hh.ru, job50.ru, job.ru, job-mo.ru, job.ws, jobsmarket.ru, rabotamedikam.ru, rabotavgorode.ru, rabota.mail.ru, rabota.ru, superjob.ru, zarplata.ru), diary.ru, google.com, gorod55, facebook.com, hotmail.com, linkedin.com, livejournal.com, loveplanet.ru, mamba.ru, mail.ru, my.mail.ru, mfd.ru, moikrug.ru, odnoklassniki.ru, pochta.ru, rambler.ru, smsmms (beeline.ru, megafon.ru, mts.ru, skylink.ru, tele2.ru, wsms.ru), twitter.com, yandex.ru, yahoo.com, ukr.net, vkontakte.ru, wordpress.com.
[+]The OWA (Outlook Web Access) detector was added. It detects messages sent, edited and viewed in the Outlook Web Access system.
[-]An error was fixed in message filter condition processing. It affected the filtering of duplicate messages by the Message-ID field or by the MD5 hash of the message (CHECK-MESSAGE-ID, CHECK-MD5); these actions sometimes resulted in errors.
[-]An error was fixed in processing email messages with an empty TO field; such processing sometimes threw an error.
[-]An error was fixed with file name processing in the FTP detector; processing such messages sometimes resulted in failure.
[-]An error was fixed with HTTP query decoding; sometimes HTTP parameters were left undecoded.
[-]An error was fixed in the IM detector: decoding BASE64 data sometimes resulted in errors.
Delivering analysis results to consumer system:
[*]SMTP transport performance was improved.
[*]Resource consumption of the EtherSensor counter value collection and storage process was reduced.
[+]The transport service log entry format was extended: numeric IDs of sending threads were added to logged messages, making it possible to track the event sequence of a given sending thread.
[+]A functionality check was added for transport profiles (SMTP, FTP, FILEDROP, SMB). You can now bypass message interception and processing and check how a transport profile operates directly after changing its settings.
[+]ipconfig /all output was added to the EtherSensor operation report.
[+]HTTP query filter and message filter editors were added. You can now use the graphical environment to manage filters.
[+]Editing of quotas for processed results is now done in the quotas.xml file.