Santronics Software, Inc.,
Version 7.0 Build 454.6


This is a plug and play update; rebuilt for the latest Windows Operating Systems with a number of enchancments and fixes.


Changes, New Features and Enhancements by Wildcat! Component  

WCGEOIP (Wildcat! GeoLocation IP)

- NEW: New component: Wildcat! GeoLocation IP

       This new system will allow for the filtering of IP connections
       based on their Geographical IP Location in the world.  This is a
       tremendous boost to filtering bad connections into to your
       system. This is now installed via the 7.0.454.6 CD and also via
       the AUP AutoUpdate.

       See Wildcat! GeoIP Location Filters for details.

WCSERVER (Wildcat! Server)

- ENH: Wildcat! login event log now adds the call type to the log.

- NEW: New Wildcat! Geo IP/location (wcGeoIP) Server/Database for
       Filtering based on IP and world Location.

- FIX: Fixed reading default data\iptrack.ini values when sections
       were missing.

- FIX: Fixed wcx access to a wc:\http\ folder which contained a ".wctaccess"
       access file.  See new .wctaccess rules.

- NEW: The Wildcat! server (wcserver) will now support the following
       additional .wctaccess file rules.

       Allow System         # Allow System Agent Access
       Allow Configuration  # Allow Configuration Agent Access
       Allow MasterSysop    # Allow Authenticated User with master sysop security

       See more WCWEB for detailed information.

WCDRAW (Wildcat! ANSI Display Editor)

- FIX: Fixed Memory Overflow bug

WCDNS (Wildcat! DNS Resolver)

- ENH: Updated wcDNS to take into account a CNAME result in a rDNS (PTR)
       lookup.  This happens when subnets /27 or less are setup with
       their ISP using IETF RFC2317 "Classless IN-ADDR.ARPA delegation".

- ENH: wcDNSGetRecords() now switches to STREAM mode when a query gets
       a UDP truncate response.

WCSSL (Wildcat! Secured Socket Layer)

- UPD: WCSSL was updated using OpenSSL v1.02g.

- UPD: WCSSL was updated for ECDHE cipher curves.  This allows for usage
       of new Elliptical Curves for DH key exchanges.   This will
       provide modern PCI security certification with Grade A+ ratings
       using Qualys SSL Labs testing.

- UPD: A new PCI ECDHE cipher is available for "Set PCI Compliance"

       If you delete the SSL\CIPHERS.TXT file and rerun WCSSLCONFIG.EXE,
       a new file will be creates for selecting the recommended ciphers.

WCSMTP (Wildcat! SMTP Server)

- ENH: Added logic to prevent loop back when MX set to Localhost

- CHG: Now NULL Return Path is allowed for Authorized Sessions. To
       return back to previous logic, set the "wcSMTP\UserAuth.RejectNull"
       dword registry value to 1.

       wcregedit /local /value:wcsmtp\UserAuth.RejectNull /dword:1

- ENH: New wcSMTP WCX hooks for GeoLocation IP Filtering.

       SMTPCMD-CONNECT.WCX  if exist, called at the connection level
       SMTPCMD-EHLO.WCX     if exist, called at the EHLO/HELO command

- FIX: When sending mail, fixed situation where a timeout occured at the
       MAIl FROM, RCPT TO and DATA smtp states, which promoted a
       prematured pernament failure causing the destination address to
       be added to the data\badrcpt.txt file.   With the fix, retries
       will be attempted until exhausted.

- FIX: Fixed situation where the USERID number was not written to the
       meta messages being received when the email's userid was an
       Internet Email Conference user name.

- FIX: Fixed Router DKIM signing for SHA256 private keys.

- DOC: Technical note on preparing the outgoing EHLO/HELO host name..

       See the techincal note regarding the EHLO/HELO host name:

       Setting the EHLO/HELO host name

WCMAIL (Wildcat! Mail Gateway)

- NEW: When importing email, dupes will be moved to the "Dupe\" spool

       Note: WcConfig allows you to set an "Allow Duplicate Messages"
       checkbox option per mail area/conference.

WCPOP3 (Wildcat! POP3 Server)

- ENH: Trace Log recording IP:PORT for -ERR authorization failures for
       easier views, i.e grep.

WCTELNET (Wildcat! Telnet Server)

- FIX: Fixed the logging for blocked IPs

WCWEB (Wildcat! Web Server)

- FIX: Fixed URL parsing bug

- FIX: Corrected Questionnaire processor issue with embedded javascript.

- NEW: Added "; secure" to setting cookies in web server for SSL
       operations. This addresses PCI requirements for some PCI audit

- NEW: Added "; httponly" to setting cookies in web server for PCI
       operations and when HKLM\Software\SSI\wcWeb\EnableHttpOnly" DWORD
       is true (default).  This addresses PCI requirements for some PCI
       audit vendors.

- ENH: WcWeb will now check for the proper VDG for the
       wcssl_http_redirect.htm template when SSL is enforced for all

- ENH: Updated the SoundManager2 Audio files. Helps with better mobile
       and non-flash, HTML5 audio player.

- FIX: For running CGI scripts, the optional registry string
       wcWeb\NoContentStatus404 now defaults to TRUE.  This will now
       return a 404 status for CGI scripts, i.e. PHP, that return a
       status 200 but with an empty content.  This should reduce PHP
       attacks on wcWEB because attackers may use a 200 reponse as a
       reason to continue attacking. Hoping the 404 response will reduce
       this overhead.

- NEW: It is now possible to add additional Web Response headers to all
       requests.  This is done using the new file:


       This file is distributed by SSI and it is preconfigured to
       support enchanced PCI operations which are constantly adding PCI
       requiremetns using new  headers for security purposes.

       If you want to add your own response headers, create a custom


- ENH: wcWEB PCI security operations was enhanced as follows:

       1)  Added Response Header:

           Strict-Transport-Security: max-age=31536000; includeSubDomains

           "Strict-Transport-Security" is added when SSL is required
           for all connections.

           required: "max-age=time" in secs, default 365 days
           optional: "; includeSubdomains"  applies to all * sub urls
           optional: "; preload" related to browser preloading your domain for HTTPS

           Note: This header is added via via data\AddExtraHeaders.txt.

       2)  Added Response Header:

           X-XSS-Protection: 1; mode=block


           Note: This header is added via via data\AddExtraHeaders.txt.

       3)  Message_Create.htm template was updated to remove an
           Javascript injection possibility.  There was no security
           issue, but the PCI Auditor requested that this be changed.

- NEW: This is actually done 9 years ago, but WCT templates has "SafeQuery.XXXXX"
       macro that can be used instead of "Query.XXXX"   But using SafeQuery, this
       will prevent Cross-Script Javascription injection.  This is required for
       PCI compliance.

- NEW: WcWEB now supports the following additional wc:\http folder ".wctaccess"
       file rules:

       Allow System         # Allow System Agent Access
       Allow Configuration  # Allow Configuration Agent Access
       Allow MasterSysop    # Allow Authenticated User with master sysop security

       These are intended to be usey by special WCX application access
       to a HTTP subfolder for access. For example, the Wildcat! AVS
       application (wcAVS) setup performs editing of files in the
       "wc:\http\services\avs" folder.

WCBASIC (Wildcat! BASIC Software Development Kit)

- UPD: The help file wcIDE.CHM was renamed to wcDEV.CHM.  The AUP and CD
       installed will have wcDEV.CHM.

- FIX: Fixed INPUT function non-echoing issue

- CHG: For Telnet connections, only the IP address is set, not the old
       format "hostname [ip]".  GetCallerId() will only returns the IP
       address.  Use the DnsGetAddressDomain() function to get the host
       name (domain) for your application.


       dim domain as string
       domain = DnsGetAddressDomain(GetIpAddress(GetCallerId()))

- FIX: Corrected library Win32ini.wcc WritePrivateProfileString()
       function which were corrupting passed key values.

- FIX: Fixed WcDEV Editor non-existing file load issue related to a MFC
       CDocument MRU behavior change.  This should eliminate the popup
       error "Encountered an improper argument".

- FIX: Corrected ParseEmailAddress() null address check in msgutil.wcc

- NEW: New wcGetGeoIP() function to create IP filters by GEO location.
       See the new wcBASIC header file: include\wcGeoIP.wch


       #include "wcgeoip.wch"

       dim gip as TWildcatGeoIP
       if WcGetGeoIP("", gip) then
          print " ";
          print " ";
       end if

- NEW: New wcDKIM-related wcBASIC headers and wcDKIM examples:

       - wcBasic Headers for wcDKIM:


       - wcDKIM signing and verification examples:


WCFTP (Wildcat! FTP Server)

- NEW: New FTP wcx hook:

       - ftpcmd-connect.wcx,  is called at the connection level before
         the welcome response is sent.

- ENH: Internal FTPCMD-xxxx.wcx override commands will now continue when
       the GlobalResult is FALSE.   Returning TRUE will skip the
       internal FTP command processor.

- FIX: Fixed an ABORT issue with PORT channels which failed to open,
       most likely related to FTP clients behind NAT and Firewalls.

       This fix provides a fremendous enhancement for the wcFTP sesssion

WCCONFIG (Wildcat! Configuration)

- FIX: Fixed System Security System Access not sticking when saving

- FIX: Fixed Allow Replay IP not sticking when saving

- NEW: Mail Areas/Conferences now have a new option:

       [_] Allow Duplicate Messages

       When set, dupe checking for new messages, imported messages into
       the conference will be disabled.

       Note: It was always possible for Native/wcBASIC developers to use
             the AddMessage() function TMsgHeader (mh) flag setting:

             mh.MailFlags   = mfNoDupeChecking

- NEW: File Areas now have a new options:

       [_] Allow File Comments

       When set, user file comments and discussions will be enabled by
       Wildcat! Add-on File Management products.

       [_] Allow Directory Watch

       When set, this will set a flag for add-on File Area Monitoring
       tools to watch the file area for file drops or removals. The
       concept is similar to using WcRefresh, but is done automatically
       by the File Area "Watch Dog" tools.

WCCORE (Wildcat! BASIC Core Runtime Engine)

- CHG: For Telnet connections, the GetCallerID() will return the the IP
       address only. The old format was "hostname [ip]" is obsolete.
       This makes the GetCallerID() funtion consistent with all internet
       hosting protocols.

- FIX: Fixed WCT template readering/processing issue with no proper End
       Of Line (EOL) character(s). This fix will now allow WCT template
       files to be saved using MAC, UNIX or DOS EOL characters or none
       at all.

TEMPLATES (Wildcat! HTTP Templates)

WCT (Wildcat! Templates)

WCSDK (Wildcat! Native Language Software Development Kit)

- NEW: New wcGetGeoIP() function to return Geographical Location
       information by IP Address.

       See the updated header files: wctype.h and wcserver.h

       Example: C/C++



         TWildcatGeoIP gip =  {0};
         if (WcGetGeoIP(ip,gip,"en")) {
            // display gip

       Example: wcBASIC

         #include "wcgeoip.wch"


         dim gip as TWildcatGeoIp
         if (WcGetGeoIP(ip,gip,"en")) then
            // display gip
         end if

       If wcGetGeoIp() returns false, GetLastError() should be used to get
       the possible error and reason. The possible errors are:


WCREFRESH (Wildcat! File Database Refresh Tool)

- UPD: Added seconds to wcrefresh.log file

WCSAP (Wildcat! Sender Authentication Protocol)

- DOC: WcSAP updated to version 2.42

- DOC: wcSAP Filter Changes for Santronics IP addresses:

       For nearly 20 years, Santronics used a class C bank of IP
       addresses at  These old IP addresses were used
       for wcSAP accept and rejection rules in the distributed
       wcsap/wcSapFilter.txt.  Our network IPs have changed and you need
       to modify the rules otherwise your wcSMTP/wcSAP setup will reject
       all emails from or

       We can simply give you our new current IPs and can simply change
       the rules below replaced the old with new IP addresses, however,
       please use the suggested changes to avoid future issues with
       changed Santronics IP addresss:

       - ACCEPT rules located near the top
       Reason SSI Domain/IP accepted
       Accept if %CIP%  in 208.247.131.*  ; SSI domain connection
       - REJECT rules located in near the bottom
       Reject if  in .%CDN% and %CIP% !in 208.247.131.*
       Reject if   in .%CDN% and %CIP% !in 208.247.131.*
       Reject if        in .%CDN% and %CIP% !in 208.247.131.*
       Reject if in .%CDN% and %CIP% !in 208.247.131.*
       Please change the above as follows:

       - ACCEPT rules located near the top, replace it with these lines:
       ; Optional Santronics wcsapfilter-ssi.txt file
       include wc:\wcsap\wcsapfilter-ssi.txt
       - REJECT rules located in near the bottom, simple remove these lines.

       The new wcsapfilter-ssi.txt file will isolate any Santronices
       rules from your own wcSAP filter rules and customization, thus
       allowing us to update the rules as necessary via AUP or CD
       updates.   This file may or may not be available. The include
       statement will ignore a missing file.

- ENH: Changed the default WCSAP CBV UseEhlo setting to True.  This
       will help resolve any invalid "HELO [ip-address]" command
       issued by the CBV which can be flagged by some reputation

- FIX: Fixed a SPF DATAGRAM lookup issue where it didn't switch to STREAM mode.

- NEW: Added new wcsapFilter.txt rule support for CIDR IP comparisons
       for the conditions IN and !IN. Example:

       Reason SSI Domain/IP accepted
       Accept if %CIP% in ; SSI domain connection

WCRUN (Wildcat! WCX Runtime Loader)

- FIX: Fixed redirection issues.

WCLS (Wildcat! List Server)

- ENH: When creating a list digest, the following list options will be
       set or unset:

        [_] Allow Posting
        [X] Add Subject List Tag
        [_] Allow Attachments
        [X] Strip HTML

- NEW: Added Captcha to List subscrption template.  This may be required
       by some new RBL sites that will check to see if your subscription
       module cab be exploited by robots.  Captcha will help prevent

- NEW: Prepared the templates for Mobile GUI. Note this is not complete
       but we are getting there with smart phones with HTML5. Try using
       the WCLS subscriptions pages to see how they work via your Smart
       phone or tablet.

- ENH: Automatic check for ADSP, DMARC policies.

       Each mailing list will, by default, have a new option "CheckADSP"
       (Check Author Domain Signning Policy) enabled.

       To turn this off, edit/add the following [DKIM] section to the
       specific list wclsdata\list\*.list file:


       ADSP stands for "Author/Authorized Domain Signature Policy."  It
       is both specific IETF RFC protocol and also a concept in DKIM
       Author Domain policy modeling.  DMARC is a specific protocol but
       it has the same ADSP concept, the same basic idea of protecting
       the author domain.

       The purpose of CheckADSP is to check for restrictive ADSP or
       DMARC DNS record policies for the domain attempting to subscribe
       or post mail into a list.

       When CheckADSP=1, the user using a restrictive domain, such as, will be not be allowed to subscribe and/or not allowed
       to post mail for distribution.   The exception are list digests
       since these are read only distributions, all digest members should
       be allowed to post mail in a digest list.

       Without this ADSP/DMARC check, when a message is submitted to a
       list with a restrictive domain, it can cause a major problem of
       deactiving all subscribers due to email delivery rejection
       problems at the user's email receivers performing ADSP/DMARC checks.

       WCLS now includes a new SMTPFILTER-LISTCHECKER.WCX which is used
       to control restrictive users from posting in a a mailing list.

       NOTE: At this time, wcListServer.exe does not do any ADSP/DMARC
       specific controls but it will in the future.  This will allow for
       restricted users to be subscribed for read-only.  No posting

- NEW: New options were added to the CLI utility wcladmin.exe:

       The complete CLI options are:

       -e [listname]                - export members in listname (default all lists)
       -i filename                  - import formatted text file.
                                      (use -e to redirect export to file name)
       -ip listname filename        - import Plain text file of addresses into list
       -d listname [members]        - delete member(s) in list.
       -l [listname]                - show list names and description
       -L [listname]                - show detail list information
       -s listname [members]        - show members active/inactive status in listname
       -si listname [members]       - show Inactive members in listname
       -sa listname [members]       - show Active members in listname
       -a listname [members]        - make member(s) active in listname
       -a- listname members         - make member(s) inactive in listname
       -show flag listname members  - show flag in list for members\n"
                                      flag: *|nopost|adminhold|nosend|inactive\n"
       -set flag listname members   - set flag in list for members\n"
                                      flag: nopost|adminhold|nosend|inactive\n"
       -unset flag listname members - unset flag in listname for members\n"
                                      flag: nopost|adminhold|nosend|inactive\n"
       -sql [listname]              - create SQL Insert statements for list members
       -rep listname [fields]       - table report of list fields, use -rep for more help

       The new options for this release are:

       -l [listname]                - show list names and description
       -L [listname]                - show detail list information
       -s listname [members]        - show members active/inactive status in listname
       -sa listname [members]       - show Active members in listname
       -a- listname members         - make member(s) inactive in listname
       -show flag listname members  - show flag in list for members\n"
                                      flag: *|nopost|adminhold|nosend|inactive\n"
       -set flag listname members   - set flag in list for members\n"
                                      flag: nopost|adminhold|nosend|inactive\n"
       -unset flag listname members - unset flag in listname for members\n"
                                      flag: nopost|adminhold|nosend|inactive\n"

       The -l option will show the list names and description. The -L
       option will show the list name, description and options.

       The -s option will show the member active/inactive status and the
       -sa option will show the active members to augment the -si option
       which shows the inactive members.

       While the -a option made the member active, the -a- will make the
       member inactive.

       The -show option will show the flags for members in the list. The
       flag can be:

           inactive        The member is inactive.
           adminhold       The member is on hold, can't post or get mail.
           nopost          Don't allow member to post mail
           nosend          Don't Send Mail to member in distribution
           *               Show all flags (for -show only)

       You can now -set or -unset a flag for a member in a list.

       The listname and members parameters can now be wildcards, examples;

       wcladmin -l list-*             Show list names that begin with "list-"
       wcladmin -s * *      Show the status of all users in all list.
       wcladmin -show * winserver *   Show the flags for members in list winserver

       How to use new powerful flags, -show, -set and -unset:

       In the past, wcladmin only allowed you to re-activate a member that
       was automatically set inactive via wcSMTP when it failed to deliver
       mail the user.  With the updated wcladmin, you can reactivate the user
       with the -a- option or -unset option.

       WCLS provided other useful flags which were managed via WCLS Setup
       User Editor or you exported and imported the records via wcladmin.

       wcladmin now allows to access the follow flags and database fields:

         --------------    -------------------------   -----------------------
         set/unset flag    Database Field Name         Comment
         --------------    -------------------------   -----------------------
         inactive          TDistribList.Inactive       Member is inactive
         adminhold         TDistribList.AdminHold      Mo posting/sending
         nopost            TDistribList.NoPosting      no posting allowed by member
         nosend            TDistribList.DontSendMail   don't send mail to member

      Use the flags to control which members should not be sending mail or should
      not be allowed to post.

      example:  Put on administrative hold the members from example.dom in all list

      wcladmin -set adminhold  * *

WCTOOLS (Wildcat! Utitities)

- NEW: New utility ListUsers.exe

       Listusers.exe is a CLI (command line interface, console) utility to
       list your Wildcat! users. You can create table displays showing
       various user fields.

       To see the command line options, type ListUsers /?

       ListUsers v3.4 for v7.0.454.6 (c) copyright 1998-2016 by Santronics Software Inc.
       usage: listusers [options] [user_name_search_spec]

         /server:cmp  connect to specific server computer name

         /sort:id     sort by user id (default)
         /sort:name   sort by user name
         /sort:lname  sort by user last name
         /sort:lcall  sort by user last call
         /sort:sec    sort by user's primary security profile

         /email       show email address (extended field)
         /pop         show pop3snoop (extended field)
         /lc          show last call
         /fc          show first call
         /ps          show password state
         /pd          show password change date
         /to          show times on
         /tl          show time left
         /pn          show phone number
         /ed          show expire date
         /bd          show birth date
         /lho         show logon hours override flag
         /sb          show subscription balance
         /nb          show netmail balance
         /uv[:NRPV]   show users validation. Filter it with NRPV flags
                      N-None, R-Validation Required, P-Prevalidated or V-Validated
       A few examples:

       Listusers                displays users id, name and security.

       Listusers "* smith"      displays users with last name smith

       Listusers /lc "*@*"      displays users last call with email address login names

       Listusers /uv:rp         show users who are not validated or prevalidated.

       listusers /tl /lc         shows users time left and last call

       listusers /email         show users email address, if any