<> Trend Micro, Inc. June 21, 2013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Smart Protection Server (TM) version 2.6 Patch 2 - Build 2073 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's Web site for documentation updates at: http://docs.trendmicro.com/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation or online at: http://olr.trendmicro.com/ Contents =================================================================== 1. About Smart Protection Server (TM) version 2.6 Patch 2 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About Smart Protection Server (TM) version 2.6 ======================================================================== Trend Micro(TM) Smart Protection Server uses file reputation and web reputation technology to detect security risks. Trend Micro(TM) Smart Protection Server hosts virus/malware/web threat pattern definitions, and makes these definitions available to other computers on the network to verify potential threats. Once installed, Trend Micro Smart Protection Server can be integrated seamlessly with Trend Micro products that support Smart Protection Server. 1.1 Overview of This Release ===================================================================== This patch includes fixes to issues discovered after the release of Smart Protection Server (TM) version 2.6 (build 2038). It also adds a new feature. Refer to Section 2, "What's New", for details. 1.2 Who Should Install This Release ===================================================================== You should install this patch release if you are currently running Smart Protection Server (TM) version 2.6 (build 2038) or Smart Protection Server (TM) version 2.6 patch 1 (build 2054). 2. What's New ======================================================================== This patch includes the following enhancement(s): Note: Please install Smart Protection Server 2.6 before completing any procedures in this section (see "Installation"). 2.1 Enhancements ==================================================================== This patch: - Enhanced Web Reputation Service by allowing incremental updates for the Web Blocking List. This reduces the memory and network bandwidth usage when loading the Web Blocking List. The new database needs 2GB or more of extra disk space(/var/tmcss/wcspat terns/ws/cupcake). This is because the Web Blocking List will continue to increase in size as more sites get blocked. For more information about the size of the database, refer to: http://esupport.trendmicro.com/solution/en-us/1098328.aspx The downloaded Web Blocking List will also use a new format for the incremental patterns. - Current format: x.xxx.xxxxx - New format: xxxxxxxx x represents a numerical number. - Multilingual User Interface (MUI) for the following pages: - Smart Protection > Reputation Services - Smart Protection > C&C Contact Alert - Logs > Blocked Web Access Log Previous patch: - Deep Discovery Advisor integration and the Virtual Analyzer list: Smart Protection Servers can integrate with Deep Discovery Advisor to obtain the Virtual Analyzer C&C server list. The Deep Discovery Advisor Virtual Analyzer evaluates potential risks in a secure environment and, through the use of advanced heuristics and behavioral testing methods, assigns a risk level to the analyzed threats. The Virtual Analyzer populates the Virtual Analyzer list with any threat that attempts to connect to a possible C&C server. The Virtual Analyzer list is highly company-specific and provides a more customized defense against targeted attacks. Smart Protection Servers retrieves the list from Deep Discovery Advisor and can evaluate all possible C&C threats against both the Global Intelligence and the local Virtual Analyzer list. 2.2 Resolved Known Issues ===================================================================== Patch 1 and 2 resolves the following product issues: (TMSPS_2.6_linux_en_hfb2040) Issue 1: All widgets related to the File Reputation Service may show incomplete data or may not show any data under certain conditions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: Patch 1 updates the LogImport program to ensure that all widgets related to the File Reputation Service display complete and accurate information. (TMSPS_2.6_linux_en_hfb2041) Issue 2: The following vulnerabilities affect the Smart Protection Server's OpenSSH and SSL modules: - CVE-2006-5051 - CVE-2007-4752 - CVE-2010-4478 - CVE-2008-1483 - CVE-2009-2904 - CVE-2008-1657 - CVE-2008-3234 - CVE-2007-2243 - CVE-2006-4925 - CVE-2007-2768 - CVE-2010-4755 - The SSL (Secure Socket Layer) Server supports weak encryption keys, which are defined as encryption keys that are less than 128-bits long. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: Patch 1 updates the SSL module to enable the SSL Server to support only encryption keys that are longer than 128 bits and upgrades the OpenSSH module to resolve the other vulnerabilities. Note: According to the Microsoft(TM) Knowledge Base, Microsoft Windows(TM) Server 2003 and Windows XP clients cannot obtain certificates from a Windows Server 2008-based certification authority (CA) when the CA is configured to use SHA2 256 or higher encryption format versions. Servers or computers running on any of the following platforms should also apply Windows HotFix:968730 to work around this issue: - OfficeScan Servers installed on Windows Server 2003 - Workstations that log onto Smart Protection Server 2.6 web console and is installed on Windows Server 2003 or Windows XP You can download the Windows HotFix:968730 from: http://support.microsoft.com/kb/968730/en-us. (TMSPS_2.6_linux_en_hfb2043) Issue 3: The following vulnerabilities affect the Smart Protection Server's PHP module: - CVE-2012-2688 - CVE-2012-3365 - A vulnerability which can allow attackers to access sensitive information, such as cookies or authentication data, in the HTTP headers of requests. - A vulnerability which can allow attackers to trigger an "Easter Egg" image or display information about the PHP server on a PHP web page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: Patch 1 updates the lengths of SSL encryption keys and upgrades the PHP module to a version that is no longer affected by these vulnerabilities. (TMSPS_2.6_linux_en_hfb2052) Issue 4: Due to the large size of the File Replication Service pattern file, pattern updates may take longer than an hour to complete when the Smart Protection Server load is heavy. Under this situation, Smart Protection Server may lose some incremental pattern files which will require Trend Micro OfficeScan(TM) clients to download the full Smart Filter file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: Patch 1 enables the Smart Protection Server to enumerate pattern files and generate Smart Filter files faster during pattern file updates. This ensures that pattern file updates complete faster and lowers the chances of losing incremental pattern files. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Installation Guide (IG) -- Provides product overview, deployment plan, installation steps and basic information intended to help you deploy Trend Micro Smart Protection Server smoothly. o Administrator's Guide (AG) -- Provides post-installation instructions on how to configure the settings to help you get Trend Micro Smart Protection Server "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of Trend Micro Smart Protection Server. o Readme.txt files -- version enhancements, basic installation, known issues, and release history. Electronic versions of the printed manuals are available at: http://docs.trendmicro.com/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o TrendEdge is a program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products. The TrendEdge database contains numerous documents covering a wide range of topics. http://trendedge.trendmicro.com o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== No changes from the system requirements in the product readme. This patch needs at least 2GB of extra disk space. 5. Installation/Uninstallation ======================================================================== 5.1 Installation ===================================================================== This section explains key steps for installing the software. 1) Download the "TMSPS_2.6_linux_MUI_patch2_B2073.zip" patch file from the Trend Micro Download center and then extract the patch package to a temporary folder. 2) If the current version of "SmartProtection Server" is "1004", do the following: a) Log on to the Smart Protection Server using an account with root privileges. b) Type the following commands: #chown root:webserv /usr/tmcss/bin/UpdateManage.exe #chmod 4750 /usr/tmcss/bin/UpdateManage.exe 3) Use an account with administrator privileges to log on to the SPS Web user interface. 4) Go to "Updates" > "Program". 5) In the "Upload Component" section, click "Browse" and select the "tmsss-service-patch-2.6-1005.x86_64.tgz" file. 6) Click the "Upload" button. The information on the available program files displays. This is needed to reboot the server. 7) Click the "Update Now" button if you have no concerns. A popup window will remind that the server will reboot. 8) To verify: - Check that the "Help" > "About" page shows that the build version is "2073". - Check that the "Updates" > "Program" page shows the following versions: The current version of the "Smart Protection Server" is "1005". 9) Clean your browser's cookies and temp files to prevent it from using old cached Javascript(TM) files. 5.2 Uninstallation ======================================================= No uninstallation steps are provided. 6. Post-Installation Configuration ======================================================================== No post-installation steps are required. 7. Known Issues ======================================================================== There are no known issues in this release. 8. Release History ======================================================================== Visit the following web site for more information about updates to this product: http://downloadcenter.trendmicro.com 9. Files Included in This Release ======================================================================== Filename Build No. ==================================================================== AU.exe 2.6.2073 MakeBF 2.6.2073 InitTask 2.6.2073 StatusCheck 2.6.2073 lwcsd 2.6.2073 InitSQLiteDB.sh 2.6.2073 LogImport 2.6.2073 lwcsmonitor 2.6.2073 PtnImport 2.6.2073 UpdateWCSPattern.sh 2.6.2073 TestBF 2.6.2073 GenServerCertificate.sh 2.6.2073 lwcsctrl 2.6.2073 GenCRCDiff 2.6.2073 liblogposter.so 2.6.2073 liblwcsipc.so 2.6.2073 libBWListFilter.so 2.6.2073 libBWListUtility.so 2.6.2073 CCCAUpdate.exe 2.6.2073 libtmufeng_32.so 3.61.1013 libtmufeng.so 3.61.1013 AuPatch 2.85.1057 libtmactupdate.so 2.85.1057 libpatch.so 2.85.1057 liblwtpciu32.so 2.85.1057 libvsapi.so 9.52.0.1021 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates,pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our Web site. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2013, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Server (TM) are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide