Data sources and objects capture:
EtherSensor EtherCAP service:
[+]Statistical processing of the SSL protocol was added: statistics are accumulated for SSL connections, and results are generated with SSL connection lists. You can disable this feature in the configuration (ethcap.xml file) by doing the following:
<Protocol enable="false" name="ssl" />
[-]An error was fixed which sometimes resulted in exceptions at service startup.
Captured objects analysis:
[+]The following detectors were updated: odnoklassniki.ru, pochta.ru, rambler.ru, smsmms, twitter.com, vkontakte.ru, yahoo.com, yandex.ru.
[+]All messages that reach the stage of sending to consumers are now marked with the X-Sensor-RawSource-Type header. This lets the consumer (for example, a message archiving system) determine which initial "raw" captured data was used to produce the final message. The following values are currently possible:
HttpGetRequest: The message source is an HTTP GET REQUEST
HttpPostRequest: The message source is an HTTP POST REQUEST
HttpPutRequest: The message source is an HTTP PUT REQUEST
FtpFile: The message source is an FTP file
SmtpEml: The message source is an SMTP EML
Pop3Eml: The message source is a POP3 EML
IcqContactList: The message source is an ICQ Contact List
IcqMessageList: The message source is an ICQ Message List
IcqFile: The message source is an ICQ File
IcqLoginInfo: The message source is the ICQ Login Info
MraUserInfo: The message source is the MRA user info
MraContactList: The message source is an MRA Contact List
MraMessageList: The message source is an MRA Message List
MraFile: The message source is an MRA File
MsnContactList: The message source is an MSN Contact List
MsnMessageList: The message source is an MSN Message List
MsnFile: The message source is an MSN File
XmppContactList: The message source is an XMPP Contact List
XmppMessageList: The message source is an XMPP Message List
XmppFile: The message source is an XMPP File
IrcMessageList: The message source is an IRC Message List
IrcFile: The message source is an IRC File
SkypeVersionRequest: The data source is the Get Last version request to ui.skype.com
SslSessionsList: The data source is a list of SSL sessions
Please note:
Certain mailing systems use POST requests to read incoming mail. In this case, the interception result for such a message will contain the X-Sensor-RawSource-Type header with the value HttpPostRequest.
[*]Now all messages which are ready to be transported are labeled with the X-Sensor-LicOption header. This header can have the following values:
WebMail
WebSocial
Email
IM
FT
WebMailRead
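A consumer-side check of the two headers described above, as an added example (not EtherSensor code). It assumes messages arrive as RFC 822 style text and that header values match the listed names exactly; the function names and sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_string

# Header values exactly as listed in the release notes above.
RAW_SOURCE_TYPES = set("""
HttpGetRequest HttpPostRequest HttpPutRequest FtpFile SmtpEml Pop3Eml
IcqContactList IcqMessageList IcqFile IcqLoginInfo
MraUserInfo MraContactList MraMessageList MraFile
MsnContactList MsnMessageList MsnFile
XmppContactList XmppMessageList XmppFile IrcMessageList IrcFile
SkypeVersionRequest SslSessionsList
""".split())
LIC_OPTIONS = {"WebMail", "WebSocial", "Email", "IM", "FT", "WebMailRead"}

def classify(raw_message):
    """Read both sensor headers from one delivered message and validate them."""
    msg = message_from_string(raw_message)
    result = {"problems": []}
    for key, header, allowed in (
        ("raw_source", "X-Sensor-RawSource-Type", RAW_SOURCE_TYPES),
        ("lic_option", "X-Sensor-LicOption", LIC_OPTIONS),
    ):
        value = (msg.get(header) or "").strip() or None
        result[key] = value
        if value is None:
            result["problems"].append(f"missing {header}")
        elif value not in allowed:
            # Keep the message: a newer sensor may emit values this list lacks.
            result["problems"].append(f"unknown {header}: {value}")
    # Per the note above, a POST can be a webmail *read*, so HttpPostRequest
    # alone does not show that the user sent anything.
    result["post_may_be_mail_read"] = result["raw_source"] == "HttpPostRequest"
    return result

def tally(messages):
    """Count messages per raw source type; invalid ones go under 'needs-review'."""
    counts = Counter()
    for m in messages:
        r = classify(m)
        counts["needs-review" if r["problems"] else r["raw_source"]] += 1
    return counts

# Constructed sample messages (not real sensor output).
SAMPLES = [
    "From: a@example.test\nTo: b@example.test\nX-Sensor-RawSource-Type: HttpPostRequest\n"
    "X-Sensor-LicOption: WebMail\n\nbody\n",
    "From: a@example.test\nX-Sensor-RawSource-Type: SmtpEml\nX-Sensor-LicOption: Email\n\nbody\n",
    "From: a@example.test\nX-Sensor-RawSource-Type: ImapEml\n\nbody\n",  # made-up value, no LicOption
]
```

Messages with a missing or unrecognised header are queued for review rather than dropped, so an archive does not silently lose traffic after a sensor upgrade adds new values.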
[*]From and To format was updated for WebMail, WebSocial, and WebCV messages.
[+]Empty message bodies are now checked for and removed for WebMail, WebSocial, and WebCV messages.
[+]Results are generated to include SSL connection lists.
Delivering analysis results to consumer system:
[*]Memory consumption was optimized for message delivery.
Configuration console:
[*]The user interface of the management interface was updated.
[*]Integration with the EtherSensor help system was implemented.
[+]HTTP filter statistics are now displayed.