Version History

• Updated recognition for relabeled FWOUT_OK types.
• Fixed a bug in the SMTP DShield submission that affected some mail servers.
• DShield submission now excludes addresses tagged as Friendly.
• Simplified tracking of unfriendly addresses after import.
• Hopefully fixed remaining '401' errors when doing DNS lookups.

• Log listings broken down into pages to increase speed and reduce display overflow problems.
• Added new Port database update check which can dynamically update the Port database via the internet whenever new definitions are available.
• Added user definable interval for automated DShield submissions.
• When creating a report from the RAW log for Addresses or Ports returning to the RAW log from the Report Mode will return to the row that the report was created from.

• Disabled abuse reports for entries with source addresses that fall within RFC1918 (Private internet address allocation).
• Updated Hexillion WHOIS site address.

• Fixed Overflow error in Activity Summary
• Fixed some problems with DShield form when auto-submit is enabled.
• Fixed problem of DShield auto-submit not always working if SMTP is the selected mail sending option.
• Fixed 'Syntax Error' bug with import filters.

• Fixed some bugs that relate to importing non-English logs from recent releases of ZoneAlarm.
• Fixed occasional '401' errors with DNS lookups.
• Some cosmetic fixes for non-standard colour schemes.
• Other minor fixes/tweaks.

• Added log import filtering, full details in help file.
• Updated ICMP Type Numbers with new additions.
• Added Help menu option to enable/disable debug logging mode to help diagnose any problems without the need for command-line switches.
• Added form to display all known ports and related info (menu: Tools/Database/Ports List).
• Added 6 hourly auto submit for DShield reports.
• Updated port database.

• Fixed an Overflow error if old logs are not allowed to be automatically cleared by ZoneLog and exceed a certain size.
• Fixed bug with importing some ZA 'archive' logs.
• A few other minor bug fixes.

• Added SMTP direct email option for DShield submissions where MAPI email clients may not work correctly.
• Added option to auto-lookup DNS host names during import.
• Added default port assignments to port database.

• Fixed error in log listing when right-clicking over certain selections.
• Fixed some accuracy problems on the summary graph when zooming in.
• Stopped email generation from probing your Contacts list as this was not required or intended and produced virus warnings on some systems.

• ZoneLog will now automatically import ZA 'archive' log files as well as the current log file when importing (not when importing an 'alternate' log file).
• Added extra support for email clients that do not support MAPI when sending Abuse reports, DShield reports or a Support email.

• Fixed minor bug that caused an error on initial startup for first time users.
• Fixed email submission error for Outlook Express users.

• Added alternative browser loading option in Options/Misc that may help with NetScape users when doing WHOIS lookups.
• Increased History Analyser max recent time from 48 to 96 hours.

• Fixed bug that caused an error when changing the log font if no printers were configured on the PC.
• Fixed bug that sometimes caused a crash after Repairing the database.
• Fixed some keyboard shortcuts that didn't work.
• Fixed selection problems on log listing.

• Added a History Analyser to the Attack Analyser, details in Help file.
• Added option to set log list column order and hide/show columns of choice.
• Added Create Email button to Abuse report form to transfer details directly to MAPI compliant email clients.
• Added DShield.org submission form for easy submission of your log data to the DShield.org "Distributed Intrusion Detection System".
• Added extra information and lookup tools to Details form.
• Added Help menu item to check for ZoneLog updates on the web.

• Error after logging an entry as Reported under certain conditions fixed.
• First and last columns lost when copying to clipboard/exporting, fixed
• Fixed some highlighting bugs in the log listing
• Missing popup tooltips in new grid fixed
• Occasional runtime error after DNS lookups (F12), fixed
• Several other minor bugs tied to the new grid also fixed

• Added option to update registration details after new email/key request
• Added command line option -m to minimize ZoneLog after startup initialisation
• Updated port database

• Fixed error regarding 'ZA logging not enabled' error when used with ZAProV3
• Fixed bug where notes entered for FWOUT entries would appear in the Severity column.
• Fixed scrolling bug when using WinXP Themes
• Other minor fixes

• Updated port database

• Fixed some anomalies with the Attack Analyser time setting and hit count.
• Fixed error 'Invalid procedure call or argument' if looking for log file on a network path that no longer exists.

• Added ability to Copy or Move entries from one database to another.
• Added Severity column to IP/Port Analysis' Destination Port analysis.
• Added Summary column in Attack Analyser to help explain the results.
• ZoneLog will now import port update files (laupdate.dat files) automatically on startup if a newer version is found.
• You can now select multiple log entries from differing addresses and domains to include in an Abuse Report email.
• Some cosmetic improvements.
• Updated Port database

• Corrected date format of 'ZA Format' exports to exactly match ZA logs.
• Corrected a cosmetic layout problem on systems with larger font sizes in the Title or Menu bars.
• Minor format fixes on Time field during log import when using AM/PM clock settings.
• Fixed problem of missing GMT timezone on single-hit abuse email.

• Added ZoneAlarm version string to email reports as some ISP's request it.
• Added Domain Name filter option in Report Mode.
• Added Type filter option in Report Mode.
• Added 'Last X days' option in Report Mode.
• ZoneLog will now remember if you were in Report Mode when last exited and will restart in Report mode with the same settings on next run.
• Added ability to email multiple entries from same Parent domain.
• Added a couple more charts to the Activity Summary.
• You can now Right-Click-Copy details from all fields on the Details form.
• Increased speed of deleting multiple selected entries.
• The IP/Port Analysis form can now analyse the entire database, as before, or just the data currently on display in the main log listing.
• ZoneLog now appears as an icon in the Task Tray and is removed from the Task Bar when minimized.
• Added option for ZoneLog to pop up from minimized (hidden) when new entries are found during timed import.

• Fixed bug where log would not display at program startup if auto-import was enabled and there were no new entries in the ZA log.
• Placed extra checking in import routine where non-sequential dates or future dates would cause odd import behaviour.

• Fixed bug where all ACCESS entries in the log would flag as 'Problem' entries even if they were not problematic.
• Fixed bug in Email Report, if selecting a single entry with the right-mouse the ZA log entry in the bottom of the report may have had the wrong details.
• Some non-English regional settings would cause a problem when purging old entries from the log, now fixed.
• Altered the code for the email link on the About box which should fix the 'Error 53' error some users were getting.
• Added descriptive tooltips to the 'Type' column.
• Added TCP 'Flag' and ICMP 'Type' tooltips to 'Transport' column.
• Changed Report Mode 'group' selection to allow for multiple group selection.
• Added option to sort listings by sub-domain. Right-click on the 'Host Name' columns to sort by sub-domain, left-click for normal sorting.
• Added option on email form to tag reported entries, added corresponding column to show reported state in log listing.
• Added Notes field for entering user notes on each log entry, notes are added/edited in the 'Details' form.
• Added 'Address Table Editor' to allow addition or updating a range of addresses in the Domain Name lookup table.

• Fixed some error checking in loading settings at startup.
• Fixed bug in Export to File where ZL would just close if the file already existed and was opened by another app.
• Fixed bug on Report mode where 'Times' after mid-day didn't render any results on a few systems under certain conditions.
• Fixed 'Overflow' error if exporting more than 32768 entries.
• Fixed problem where using later versions of Neotrace as an external WHOIS app. would cause an error regarding maps.
• Non-standard entries are now logged and bypassed during import instead of unhelpful errors being presented.
• ZoneLog now tries to give a meaningful message if there are too many entries to safely display without causing 'out of memory' errors.
• Increased log list population speed by 40%.
• Increased Attack Analyser speed by 30%.
• Added ability to copy selected log entries to clipboard (Right-mouse menu).
• Added command line option -R to force a database repair at startup.
• ZoneLog now automatically compacts the database, without prompting, after a purge.
• When retesting previously unresolved addresses in DNS Lookup Zonelog will list hosts that subsequently resolve on retest.

• Added ability to change the background colour of the main log list by right-clicking the background in the Colour Key box.
• Added option to change log list font via Options.
• Added more info to messages if log import fails, also allowed program to continue operation instead of closing down.
• Fixed bug where an empty line after the header in the zalog would cause an error on import.
• Changed ZoneLog database file extension from .zld to .dzl as ZA uses .zld for certain quarantined files.
• Added an external control to handle DNS lookups more reliably.
• Added option to exclude Friendly addresses from Attack Analyser.
• Added option to exclude Friendly addresses in Report Mode.
• Attack Analyser now remembers last used settings.
• Added option to repair a corrupt ZoneLog database.
• Fixed bug that caused a 'Syntax Error' error in bulk DNS lookup.
• Fixed bug in ZA Format export where colon between source address and port was sometimes missing.

Previous Beta Releases

• Fixed bug where tagging an address would cause a runtime error (appeared in V0.44/45).
• Added proper recognition for MailSafe quarantined email attachment entries.
• Added 'Last X Days' option for Raw log listing range.
• Added 'Severity' column to log list to show attack type, enabled/disabled via Options as can slow down large logs.
• Attack Analyser form resizeable
• Fixed bug where sorting by Source would not list 'program' entries alphabetically.
• Fixed rare import bug when checking if log is a valid ZA log.
• Added additional text in appropriate places to warn that information given is not definitive and should be checked thoroughly.

• Fixed 'Invalid use of Null' error in Attack Analyser and Activity Summary modules.
• Fixed bug in Attack Analyser if date format uses dots.
• Fixed sorting by Date in Attack Analyser module.
• Fixed bug where request dialog for DNS Lookup on Email Report would hide behind the Details form.
• Fixed 'Help' button on Attack Analyser.
• Fixed 'Open' button on Database Selector.
• Added date selection and manual Y-Axis scaling to Activity Summary graph.

• Returned the DNS lookup to non-async code as the async calls have problems and often result in no data found. The drawback of this is that cancelling the lookup of 'all unresolved addresses' is no longer instantaneous.
• Bugfix, going into Details using RMB popup menu on the main grid disabled RMB popup on Details for 'Copy' action, now fixed.
• Analysis form now resizable, columns resizable too.
• Added Summary form (F11) with activity graph.
• Added Attack Analyser to find multiple hits from a single address within a set time period.
• Added ability to manually edit host name on Details form (right-click menu, Edit).
• Added option to enter 4 preset email header file locations with dynamic selection on Email Report form.
• Added secondary code to open web browser if primary code fails to do so.
• Sorting by IP Address now sorts numerically, correctly.
• Added option of multiple databases for different 'projects'.

• Fixed bug that caused 'Object invalid or no longer set' errors after compacting the database (usually after a purge operation).
  
• Fixed bug where Zonelog would not appear in Windows Alt-Tab list if the Details form was open.
  
• Added ability to select multiple entries on main grid and create an email report showing all of them (assuming they all have the same source address).
  
• Main form height can be reduced much further than before.
  
• Bugfix, using custom email header (Emailheader.txt) would ignore carriage returns, now fixed.
  
• Zonelog can now recognise if the log file delimiter changes part way through the ZAlog and continue to import the remaining data.
  
• Fixed a formatting error if exporting to a ZAlog formatted file.
  
• Fixed bug where selecting multiple entries and scrolling down would deselect entries above.
  

• Fixed bug in gridfill routine, too many entries caused an overflow.
  
• Fixed bug on DNS lookup form, resolved/unresolved count was showing 1 less than actual count.
  
• Fixed bug where highlighting all visible entries then selecting 'Delete' from the popup menu caused a runtime error.
  
• Fixed a few minor operational bugs.
  
• Split options form into individual sections.
  
• Moved Options to Tools menu.
  
• Added multiple, user definable WHOIS web sites to the WHOIS options.
  
• Improved DNS lookups with user-definable time-out setting (in Options/Misc) and instant response to user cancellation.
  
• Added facility to import an alternate ZA log (Shift-F2), use with caution, this routine does NOT check for duplicate entries during import (you can also use it to import older logs).
  
• Export now has 3 format options, ZALog format, Extended1 (includes host names), Extended2 (includes host names and port type(if known)).
  
• Added 'Port Type' note when mouse moves over port numbers on the main grid (known ports only).
  
• Email report also includes destination port type (if known).
  

• Fixed bug in Import routine
  

• Bugfix: if ZAlog.txt had empty lines at the top of the file it would cause import problems.
  
• Extra error handling for bad data in a ZALog.
  
• Minor modification to DNS lookup code which 'may' help those few users that have reported problems with lookups.
  
• Added log printing.
  
• Added IP tagging to mark particular addresses as friendly or unfriendly
  

• Improved ZALog delimiter detection.
  
• Added ZA formatted output sample to email report.
  
• Added option for custom email header - if Zonelog finds a file called 'emailheader.txt' in the ZoneLog folder then it will insert the contents of the text file before the entry details in the email text instead of the default header text.
  
• Added Help buttons to sub forms.
  
• Added DNS lookup for ALL unknown addresses (Tools menu)
  

• Important information to existing users
  This version uses a new database structure, on first run ZoneLog will create a new database, it will then look for a database from a previous version and offer to import the data. The old database will then be renamed to ZoneLog.~at There is no need to rename or move any existing files yourself providing ZoneLog is run from the same folder as any previous version.
  
  
• Bugfix, switching away and back to Report-Mode after last using the Address or Time/Date filters would show the wrong filter button depressed.
  
• Increased grid colouring speed further.
  
• Added more colours for different types of attack.
  
• Added Host Name info to main grid (for known DNS lookups).
  
• Columns on main grid now user resizeable.
  
• Added popup menu to main grid offering several new options.
  
• Added option to use external WHOIS application.
  
• Added 'Email report preparation' to Details form.
  
• Added option to export purged entries to an archive text file.
  
• Added a basic analysis form to the Tools menu which shows total hit counts for address or ports.
  
• Report Mode - Added filtering by group, e.g. by Outgoing Only, DoS Attacks Only, Trojan Attacks Only, etc.
  

• Bugfix, some system's date display settings meant that Zonelog would not display any entries for Date Range listings.
  
• Updated Samspade lookup link to reflect changes at Samspade.
  
• Added user definable option for WHOIS lookup site.
  
• Cleaned up Options form.
  
• Added more info to diagnostic.log in diag mode.
  
• Added a basic Windows Help file
  

• Bugfix, a single entry in the log list wouldn't get coloured.
  
• Bugfix, clicking on main table headers to sort were out of alignment by 1 column since V0.34
  
• ZoneLog can now detect if ZA logging is enabled.
  
• Added 'Save' dialog to Export form.
  
• Added option to disable colouring on main grid.
  

• Fixed bug with expiry date on systems using other languages.
  
• Added some database properties to the About box.
  
• Added Status bar information.
  
• Added Time field to Report mode inputs.
  
• Added ability to Purge log entries from the database.
  
• Improved main list population speed by as much as 10x on large logs.
  
• More detail included in diagnostic log.
  
• Improved log import/clearing routine.
  
• Some cosmetic changes.
  

• Bugfix, overflow during import if ZAlog.txt was over a certain size.
  

• Bugfix to improved checking for Zonelog database if removed.
  
• Fixed bug where a colon within the application name of a PE entry would wrongly store the remainder of the name as a port number.
  
• Stopped 'Normal' view from repopulating grid when switching from Report mode if no report was created.
  
• Added info for FWOUT 'type' connections, though I'm not entirely sure what causes them yet as I haven't had any myself.
  
• Added buttons to details form to go to 'First' and 'Last' log entries.
  
• User can close Details form pressing Escape.
  
• Added database compaction tool.
  
• Added Progress bar for time-consuming operations.
  

• Fixed bug where clicking column header to sort in Report Mode reverted to Normal Mode listing.
  
• Minor cosmetic cleanup
  

• Replaced minimise button that somehow vanished in 0.20
  
• Made main form resizable
  
• Added Export to File (csv) or Clipboard, exports the contents of the main list.
  
• Added Report Mode whereby the user may select certain filters to produce a desired report list.
  

• Changed database structure so that ports are separated from the IP addresses enabling proper sorting by Port on the main list.
  ZoneLog will prompt to update the database before it can be used.
  A temporary copy of the log will be made during the update process in case of problems (logdata.tmp) and removed on success.
  YOU WON'T BE ABLE TO USE A PREVIOUS VERSION OF ZONELOG AFTER THE UPDATE.
  
• Added colour configuration for log entries.
  

• Fixed bug where details form wouldn't appear (on screen) after an autoupdate occurred whilst minimised.
  
• Pressing 'Enter' on the main grid now brings up the details of
  the highlighted entry.
  

• Added timed auto update (to import ZA log).
  
• Main grid sorting now done by clicking column headings.
  
• ZoneLog now stores all of the user's last display settings.
  
• Redesigned main form to reflect above changes.
  
• Added Right mouse popup on details form to copy IP and DNS data.
  
• Changed RIPE query to Sam Spade Tools as much more useful.
  
• Changed the code that opens the web browser as it did not work under NT.
  

• Added colour to the main log listing to distinguish possible (known) attempted attacks, outgoing connection attempts, and all others..
  
• Improved layout of 'Details' form.
  
• Added buttons on 'Details' form to perform a WHOIS query on the RIPE database.
  
• Added a minimise button to the main form.
  

• Fixed error where some ZA logs use comma delimiters instead of TAB delimiters.
  
• Improved error reports.
  
• Added diagnostic.log output created after an error.
  

• Fixed error entering some data in the database.
  

• First public Beta release.