The IMPEX 3.1 release is focused on bringing a new Anti Virus engine, Ikarus from an Austrian security company, to the platform. We might still tweak its default settings for detection and error handling so we consider it to be a technical preview for this release. If you want to help us test it out, you can enable Ikarus in your configuration cards on the ICC.
A vulnerability in Django reported in the beginning of august, see below. Sysctl did internal research to examine if ICC was affected by the vulnerability. We concluded that there was no way to directly trigger this. We follow our policy to still upgrade to later releases of a software module that have mitigations for vulnerabilities.
The problem with NTFS-3g on CentOS lacking the proper installed fixes was uncovered by Sysctl staff that in turn notified the vendor of this and supplied a pull request to have the NTFS package updated so both we and other CentOS users will get the necessary security fixes in place for all relevant CentOS releases.
Platform and 3rd party packages
-
Operating system components and 3rd party packages has been updated to newer versions
-
Django has been upgraded to 3.2.15 due to CVE-2022-36359 1 We evaluated the vulnerability and our product is not using any of the vulnerable functionality and to the extent of our knowledge is thus not affected.
-
NTFS file system support has been bumped to upstream version 2022.5.17 due to CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788 and CVE-2022-30789 2
ICC Changes
-
The anonymous mode in the configuration card was removed. A new option was added called “Require identification” instead. All config cards will be automatically migrated. Having “Anonymous mode” off will be changed to having “Require identification” on and vice versa.
-
A new Anti Virus engine, Ikarus, was added to the configuration card and required infrastructure for mirroring its signature database was added to the repository component
-
The “preserve timestamp” option has been removed from the configuration card. It is now on by default.
ICC Fixes
-
Infinity scroll fixed in the contacts view
-
F-Secure license enter input box got hidden in 3.0, this has now been re-added
-
Added wrapping of long USB serial lines which made the Scan view hard to read
-
Email alerts had an incorrect link to the scan referenced
-
Yara-views were missing error details if an uploaded yara rule had incorrect syntax
-
Quarantined files with utf8 characters were not being uploaded
-
Deleting a configuration would fail even if the station that used it had been retired
-
Minor user experience improvements in the graphical design
Station changes
-
Improve network system information so stations with multiple interfaces and addresses get all their interfaces listed in the network view
-
Initial beta support for a new Anti Virus engine, Ikarus, was added to the station
-
Some installations might have had broken exfat formatting support because of missing SELinux policies, a fix for those was added that will correct this automatically
-
Preserve timestamp is now always on when transferring files. That is, timestamps will be the same on the target USB drive as on the source drive after a transfer
-
Abort operation if a device drive claims to have more than 10 millions files to avoid filling disk with logs. This can happen when a device has a corrupt file system
Documentation
- The ICC documentation was updated and, where necessary, instructions were updated
Known issues
- When a USB drive contains a signed update package from SYSCTL, the file listing is not available on the frontend when clicking “show content” but it can still be formatted/scanned/shredded. The signed update packages is only used when IMPEX support is debugging an issue with a customer or a customer is using offline updates