Secure Web Gateway

NOTE: Prior to release 5.1.0 Secure Web Gateway was called SECURE Web Gateway.

June 2021

Version 5.2.0

Jun 3, 2021

  • The Lifestyle category has been removed from the default 'Sexually Explicit' web policy route. This improves matching for these categories.

Other Fixes
  • PDF rendering has been improved, following steganography or redaction changes applied by the Gateway.

  • XLSX files were being detected as active content when no active content was present. This has now been fixed.

  • Processing documents such as PDFs and RTFs has been improved, resulting in more efficient detection of active content.

  • PDF detection and processing has been enhanced in this release to correct a number of issues, including the Gateway becoming unresponsive.

  • You can now disable XLM macros from being detected by adding a configuration to the CDA and ZIP format managers. For more information, refer to the online help topic on Sanitization.

  • The gdb and valgrind RPMs can now be removed after product installation. This should be performed using the yum utility in Cockpit Terminal. Please note that these will be automatically reinstalled upon every product upgrade, so the removal process will need to be repeated each time.

  • URL categorization speed has been increased, resulting in more efficient performance.

March 2021

Version 5.1.0

Mar 1, 2021

New Features
  • URL Database replacement.

  • Kaspersky anti-virus has been upgraded to version 8.9.

  • The URL Database component has been improved, enabling more efficient categorization of URLs. Consequently, the real-time categorization content rule is no longer required. The database is a dynamic list of URL categories that can be updated or, if necessary, reset at any time.

  • Branding changes have been applied to the user interface including new product logos. SECURE Web Gateway is now Secure Web Gateway.

  • Secure Web Gateway now has its own unique installation ISO and download location.

Other Fixes
  • An update to the Avira anti-virus engine has resolved a number of issues, including the detection of Eicar, and consistent use of downloaded definitions.

  • Static Hostnames can contain alias names of over 40 characters.

  • The update to the URL Database component has resolved a number of issues including synchronization of URL categories.

  • The proxy was failing to communicate with HTTPS sites using NTLM due to a traffic service configuration. This has been fixed in this release.

  • ATS (Apache Traffic Server) was crashing regularly, causing multiple core dumps. Core dumps have now been disabled.

  • A custom setting has been added to help FTP backups work more effectively.

September 2020

Version 5.0.0

Sep 08, 2020

New Features
  • Red Hat Cockpit replaces server console for administrators. Cockpit is an integrated web interface used for managing your network configuration, software updates, and system management.
  • This version of the Gateway runs on RHEL 7.8, enabling more accessible software updates, a number of technical improvements from RHEL 6, timely security fixes, and a more robust operating system.
  • Support for the SMBv1 protocol is no longer mandatory, due to security vulnerabilities. This version of the Clearswift SECURE Web Gateway still supports SMBv1, but SMBv2 will take precedence if available. The Gateway no longer requires a server to support SMBv1 in order to establish a connection.
  • You can now configure a lexical expression to ignore any duplicates of a unique string that matches that expression. This reduces false positives, where a string might be repeated in a file or attachment.
  • Detection of lexical expressions has been enhanced, so that the count of multiple matches is recorded per attachment or document.
  • The user interface has been resized to be more responsive to screen-size. Additionally, sensitive terminology has been updated where possible, replacing slave/master with worker/controller in log files. Blacklists and whitelists are now referred to as block lists and allow lists respectively.
Other Fixes
  • A weighted term now only counts once if it is repeated across multiple worksheets, if ‘Each expression may trigger only once for each part of the message’ is selected.
  • UI access controls have been significantly updated and tightened, restricting permissions to the correctly privileged users.
  • An admin account opening multiple tabs while logged in to the Gateway, presented the risk of cross-site-request forgery (CSRF) if a malicious page was open in a browser. This vulnerability has been resolved in this release.
  • Only the Installation Wizard page is accessible if the Gateway has not been fully configured.
  • The branding text appears on the login page, and was editable without authentication. This has been resolved in this release.
  • The Kaspersky anti-virus engine now installs correctly.

September 2020

Version 4.11.2
  • The proxy transaction log could incorrectly record the same hostname against multiple IP addresses.

October 2019

Version 4.11.1
  • Sanitization of URLs in documents.

  • Text extraction from embedded images in PDFs.

Other Fixes
  • When configuring the Gateway using the installation wizard, licenses were marked as invalid if you selected the Turkish locale (tr_TR.UTF-8) with US keyboard settings and the time zone GMT+2, using the Server Console.

  • OCR extraction did not work on all images due to a problem with processing.

  • The searchability of reference lists was not working when using Internet Explorer 11.

August 2019

Version 4.11.0
New Features
  • OCR (Optical Character Recognition) allows the Web Gateway to block or redact any suspicious or confidential text it discovers in images.

  • Improved searchability of Machine Lists, User Names, Internet Zones, and Intranet Sites.

  • Configurable transaction logs.

  • Test authentication on multiple Kerberos Key Distribution Centers (KDCs).

  • The error page generated by the Web Gateway now displays the relevant error text in the browser title bar.

  • Sanitization and redaction of metadata in GIFs and PNGs.

  • Detect and inspect content in RAR5 archive files.

  • Content sanitization occurs regardless of the read-only flag in XMP data.

Other Fixes
  • The Gateway offered a limited set of ciphers and there was no customer-override available. If none of the Email Gateway ciphers were supported by the SFTP server, the SFTP option could not be used. This has been resolved in this release by replacing the low-security cipher.

April 2019

Version 4.10.0
  • TLS version selection for HTTPS Encryption settings now sets a minimum version, with the default version as TLS 1.0.

  • You can now detect and process High Efficiency Image File formats (HEIF and HEIC).

  • Sophos anti-virus has been upgraded to version 2.6

  • Kaspersky anti-virus has been upgraded to version 8.8.

Other Fixes
  • A problem has been fixed where the Memory Low and Memory Critical alarms failed to trigger correctly when configured in specific instances.

Back to Clearswift Products