<<<>>> Trend Micro Incorporated March 19, 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Messaging Security Virtual Appliance 9.0 Patch 2 - Build 1623 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents =================================================================== 1. About InterScan Messaging Security Virtual Appliance 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-installation Configuration 7. Known Issues 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About InterScan Messaging Security Virtual Appliance ======================================================================== InterScan Messaging Security Virtual Appliance (IMSVA) integrates multi-tiered spam prevention and anti-phishing with award-winning antivirus and anti-spyware. Content-filtering enforces compliance and prevents data leakage. This easy-to-deploy appliance is delivered on a highly scalable platform with centralized management, providing easy administration. Optimized for high performance and continuous security, the appliance provides comprehensive gateway email security. 1.1 Overview of this Release ===================================================================== This patch release includes all hotfixes after the release of IMSVA 9.0 GM Build 1383. 1.2 Who Should Install this Release ===================================================================== Install this patch if you are currently running any package released before IMSVA 9.0 Build 1623. 2. What's New ======================================================================== NOTE: Please install the patch before completing any procedures in this section (see "Installation"). This patch addresses the following issues and includes the following enhancements: 2.1 Enhancements ==================================================================== The following enhancements are included in this patch: Enhancement 1: Social Engineering Attack Policy - When users integrate IMSVA with Virtual Analyzer, IMSVA sends all email messages that trigger the "Social Engineering Attack" policy to the Virtual Analyzer for further analysis. This patch enables IMSVA to categorize "Social Engineering Attack" email messages and to send only suspicious "Social Engineering Attack" email messages to the Virtual Analyzer for further analysis. Enhancement 2: Compressed File Scans - The Trend Micro Scan Engine (VSAPI) may not be able to decompress compressed files that contain new features and returns an -81 error instead which then triggers the IMSVA scan exception policy. This patch enables users to configure IMSVA to ignore the error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To configure IMSVA to ignore the -81 error: a. Install this patch (see "Installation"). b. Connect to the IMSVA database using the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Run the following SQL statement in a single line. INSERT INTO tb_global_setting VALUES ('virus', 'VSBIgnNotSupportedErr', '1', 'imss.ini', NULL); NOTE: The default value is "0", which allows the -81 error to trigger the IMSVA scan exception policy. d. Log off from the database server by running the following command: \q e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 3: Log Files - This patch adds the "msgerror.imss" log file in IMSVA. This log file contains information about when IMSVA cannot release or delete email messages. Enhancement 4: Web Console - When users query logs from IMSVA, the IMSVA web console displays only up to 15 logs on each page. This patch enables users to configure the default number of logs for each page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To configure the default number of logs to display on each page: a. Install this patch (see "Installation"). b. Open the "imssDefine.properties" file in the "/opt/trend/imss/UI/adminUI/ROOT/WEB-INF/classes/" folder using a text editor. c. Locate the "log.query.defaultPageSize" key and set its value to the preferred number of logs for each page. For example, to set each page to display up to 100 logs, set "log.query.defaultPageSize=100". NOTE: The default value of this key is "15" and it accepts any of the following values: 10;15; 20;30;50;100;200. d. Save the changes and close the file. e. Restart the admin console using the following command: /opt/trend/imss/script/S99ADMINUI restart Enhancement 5: Web Console - This patch enables IMSVA to display the long virus names instead of the short virus names to provide users with more accurate information. Enhancement 6: Email Notifications - IMSVA provides a disk quota setting in the quarantine and archive settings. If the size of a message queue exceeds the quota, the oldest email messages will be removed from the queue. This patch adds a notification for administrators if the queue size reaches x% of the quota. That is, administrators will be notified before the queue is full and can decide whether to expand the queue size or remove the oldest messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To change the notification threshold: a. Install this patch (see "Installation"). b. Connect to the IMSVA database using the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Run the following SQL statements to set the threshold to the preferred value (replace x with the preferred value) insert into tb_global_setting values('quarantine', 'quarantine_notify_threshold','x','imss.ini',''); insert into tb_global_setting values('quarantine', 'archive_notify_threshold','x','imss.ini',''); NOTE: The default value of this key is "90", which means that a notification message will be sent when the space usage exceeds 90%. Setting the value to "0" disables the notifications. d. Log off from the database server by running the following command: \q e. Restart the manager service using the following command: /opt/trend/imss/script/S99MANAGER restart Enhancement 7: Message Tracing Logs - This patch allows users to configure the number of flush records in the imported message tracing logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To configure this number: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "imss_manager" section: [imss_manager] LogImporterLineFlushThreshold=100 NOTE: The default value is 500. d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99MANAGER restart Enhancement 8: Ransomware Detection - This patch gives users more visibility on ransomware detected by IMSVA. Users can either query ransomware detections in logs or add a widget for ransomware detections on the dashboard. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To add a widget for ransomware detections: a. Install this patch (see "Installation"). b. Clear your browser cache if your browser accessed the IMSVA management console before. Otherwise, the newly added ransomware widget may have some display issues. c. Log on to the management console, go to the "Dashboard" screen, and click your preferred tab (for example, the "Message Traffic" tab). Click "Add Widgets" on the right side of the screen. d. Type keywords to search for "Ransomware Detections", select it, and click "Add". The "Ransomware Detections" widget appears on the original tab that you clicked. Enhancement 9: Exported Log Files - This patch enables users to open CSV files exported from IMSVA using Microsoft(TM) Excel(TM) by double-clicking them. Enhancement 10: Advanced Threat Scan Engine - This patch allows users to configure the Advanced Threat Scan Engine (ATSE) in IMSVA to detect certain types of files in messages when Virtual Analyzer is enabled and to send suspicious messages to Trend Micro Deep Discovery Advisor for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 10: To enable this option: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set its value to "1": [general] atse_afi_file_declaration_detect=1 NOTE: To disable the feature, set "atse_afi_file_declaration_detect=0" which is the default value. d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart NOTE: Trend Micro recommends enabling this feature only when IMSVA is integrated with Virtual Analyzer. Enhancement 11: Antispam Policy - This patch allows users to configure the IMSVA antispam policy to detect new types of threats. NOTE: This patch upgrades the antispam engine to add information about new types of threats. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 11: To enable this option: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add or locate the "tmase" section, add or locate the "enable_tlsh_decompress" key under the section, and set its value to "yes": [tmase] enable_tlsh_decompress=yes NOTE: The default value of this key is "yes" which enables the option. To disable the option, set "enable_tlsh_decompress=no". d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 12: Web Reputation Service - The IMSVA Web Reputation Service (WRS) has a list of approved special URLS, for example, those in JPG formats, which the WRS server allows users to access without checking. This patch adds an option to enable or disable the approved list of special URLs in WRS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 12: To enable the approved list of special URLs in WRS: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "wrsagent" section and set its value to "yes". [wrsagent] tmufe_file_exclude_extlist=yes NOTE: The default value of this key is "yes" which enables the option. To disable the option, set "tmufe_file_exclude_extlist=no". d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 13: Email Messages from Mobile Devices - This patch enables IMSVA to add stamps to email messages sent from mobile devices. Enhancement 14: Attachment Policy - The IMSVA attachment "Name or extension" policy can recognize the filename and extension of files in password-protected ZIP files. This patch provides an option to enable or disable this feature. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 14: To enable/disable the feature: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set the preferred value. [general] EnableScanFileNameInPasswordCompress=x NOTE: The default value of this key is "yes" which allows the IMSVA attachment "Name or extension" policy to recognize the file name and extension of files in password- protected ZIP files. To disable the feature, set the value to "no". d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 15: Log Files - This patch adds a special type of log related to the eManager(TM) module to help in the daily operation. Enhancement 16: Email Notifications - This patch enables the IMSVA policy service to add host name information to the notifications it sends to administrators when it cannot connect to the database or to the LDAP server. This information indicates which computer sent the notification. Enhancement 17: Trend Micro Data Loss Prevention(TM) Module - This patch updates the Data Loss Prevention (DLP) templates and the DLP data identifier types. Enhancement 18: Policy Server - This patch improves the performance of the policy server in making LDAP queries. Enhancement 19: Apache(TM) Module - This patch updates Apache(TM) Tomcat(TM) to the latest version. Enhancement 20: Apache Module - This patch updates the Apache module to the latest version. Enhancement 21: OpenSSL - This patch updates OpenSSL to the latest version. Enhancement 22: Oracle(TM) Java(TM) Runtime Environment - This patch removes Java Runtime Environment (JRE) and enables IMSVA to use open JRE. 2.2 Resolved Known Issues ===================================================================== IMSVA 9.0 Patch 2 resolves the following issues: Issue 1: In certain scenarios, users receive scanning exception for BCC action notifications about normal email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch ensures that normal email messages do not trigger the scanning exception for BCC actions. Issue 2: Sometimes, IMSVA message tracing services cannot start normally. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch resolves this issue. Issue 3: The IMSVA 9.0 Patch 1 program is affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch resolves the vulnerabilities. Issue 4: If users enable client authentication though SMTP Authentication (SMTP-AUTH) in an SMTP session, the IMSVA message tracing log may not be able to record the connecting IP address in the log details. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch resolves this issue. Issue 5: When an email message triggers the IP filtering function and the sender's email address contains certain special characters, IMSVA may add the wrong email address to the corresponding log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch ensures that IMSVA records the correct sender's email address. Issue 6: Some webpages cannot be displayed after users click the "Cancel" button. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch ensures that users are directed to the correct pages. Issue 7: Sometimes, if the downstream mail transfer agent (MTA) of the next hop MTA uses the tarpitting feature on the RCPT command, IMSVA cancels the sending of the notification with a 120-second timeout. When this happens, notifications accumulate. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch enables IMSVA to try to send the notification email again under this scenario. This patch allows users to set the timeout value of the RCPT command to a value larger than 120 seconds so that the tarpitting feature can work. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To configure the timeout: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/ config" folder using a text editor. Add the following setting under the "imss_manager" section: [imss_manager] smtp_rcpt_response_timeout=150 NOTE: The default value is 120. c. Save the changes and close the file. d. Restart the scanner service using the following command: /opt/trend/imss/script/S99MANAGER restart Issue 8: If IMSVA is deployed in a parent-child setup, there is a very small possibility that IMSVA may assign different table IDs for email messages received within one hour. When this happens, users cannot delete or release these email messages from the End User Quarantined (EUQ) console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch resolves the issue by ensuring that IMSVA assigns only one table ID to all email messages quarantined within the same hour. Issue 9: If the "msg_retry_bookmark" setting is re-set to a previous value, the IMSVA manager may process an email message twice for the same recipient. When this happens, the email message may be lost or the recipient may receive the email message twice. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch ensures that the IMSVA manager processes email messages once for each recipient. Issue 10: Email messages sent from Microsoft Windows(TM)phones and iPhones cannot be encrypted correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch upgrades the email encryption module to enable it to encrypt email messages sent from Windows Phones and iPhones. Issue 11: An issue related to the IMSVA TLSH function may trigger the IMSVA scan service to stop unexpectedly while scanning certain ZIP or TAR.GZ file attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch resolves the issue to ensure that IMSVA can scan ZIP or TAR.GZ file attachments normally. Issue 12: If a malformed email message is quarantined and reprocessed by an administrator, the IMSVA Message Tracking feature cannot display the reprocessing record. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch ensures that the IMSVA Message Tracking feature can display the events for quarantined and reprocessed malformed email messages. Issue 13: Under certain conditions, the anti-spoof filter does not work and allows spoofed internal messages to bypass IMSVA 9.0 Patch 1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch ensures that anti-spoof filter works normally. Issue 14: Users may not be able to search for email messages using certain special keywords. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch ensures that users can search for specific email messages normally. Issue 15: Under some special conditions, IMSVA may use the wrong sender IP address to query the Email Reputation Services (ERS) because it cannot retrieve the sender's IP address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch ensures that IMSVA can retrieve the sender's IP address and use it to query ERS. Issue 16: When users generate a Certificate Signing Request on the "SMTP and HTTPS Certificates" page, the wrong country code for Croatia is added to the certificates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch ensures that the correct country code appears on the certificates. Issue 17: If IMSVA is registered to Trend Micro Control Manager(TM) and the Control Manager Agent (CMAgent) is killed, the system semaphore leaks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch prevents the system semaphore leakage. Issue 18: IMSVA may not be able to decode certain Japanese characters in message headers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch allows IMSVA to decode these Japanese characters in message headers. Issue 19: Social Engineering Attack Protection must be activated by the Spam Prevention Solution license. However, IMSVA mistakenly allows users to enable Social Engineering Attack Protection even when the Spam Prevention Solution license is not activated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch ensures Social Engineering Attack Protection is only available when the Spam Prevention Solution license is activated. Issue 20: When the "AllowScanEmbeddedBase64Attachment" key in the "imss.ini" file is enabled, IMSVA may encounter a high CPU usage issue while scanning certain types of email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch upgrades the eManager module to resolve this issue. Issue 21: The Linux kernel is affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch upgrades the Linux kernel to remove the vulnerabilities. NOTE: You must restart all IMSVA's computers as scheduled to enable these to start from the new kernel. Issue 22: Users cannot add certain valid domains into the pre-filter. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch ensures that users can add valid domains to the pre-filter. Issue 23: A third-party Sender Policy Framework (SPF) module cannot handle certain valid DNS TXT records. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This patch upgrades the third-party module to resolve this issue. Issue 24: Every time a user clicks "Save and Sync" after configuring an LDAP server, the local LDAP service synchronization process starts. If the LDAP server holds large amounts of data, this process may cause performance issues. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This patch disables local LDAP service synchronization when both of the following conditions are met: 1. There is only one specified LDAP server. 2. The Cloud Pre-Filter email address synchronization is not enabled. Issue 25: If "Smart Scan" is enabled, IMSVA scanner may need to reload new "Smart Scan" pattern every hour. When reloading the new "Smart Scan" pattern, there is a very small possibility that the scanner may stop responding on the reload. If this happens, it cannot process new email messages. This issue corrects itself by automatically recovering on the next pattern update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This patch ensures that the scanner can reload the "Smart Scan" pattern without issues. Issue 26: The IMSVA "True file type" policy may not able to detect some special Microsoft Office(TM) files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This patch upgrades the eManager module to ensure that IMSVA can detect special types of Office files using the "true file type" policy. Issue 27: If users submit email messages to Virtual Analyzer for further analysis, IMSVA sends the whole email, subject lines and other information to the Virtual Analyzer. Sometimes, the email subject may violate the RFC and cannot be converted to UTF-8. As a result, Virtual Analyzer cannot handle these email messages with non-UTF-8 subject lines. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This patch enables IMSVA to attempt to convert the subject line to UTF-8. If the conversion to UTF-8 fails, IMSVA encodes the subject line using URL encoding. This update ensures that Virtual Analyzer can analyze the email messages. Issue 28: The Message-ID in IMSVA 9.0 policy notification email messages follow the wrong format which violates RFC rules. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This patch ensures that the Message-ID in policy notification email messages conform to RFC rules. Issue 29: An IMSVA service cannot work when a proxy server is configured. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This patch ensures that IMSVA services work normally under a proxy server. Issue 30: Message tracking logs of IMSVA may not track some special types of email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: This patch ensures that IMSVA can track those types of email messages. Issue 31: Some carefully prepared email messages that violate RFC cannot be detected by IMSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This patch updates the TmMsg module to enable IMSVA to detect those malformed email messages. Issue 32: IMSVA may not be able to query a Lightweight Directory Access Protocol (LDAP) server if the server group name contains a "(" or ")" character. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: This patch ensures that IMSVA can handle the "(" and ")" characters in LDAP server group names. Issue 33: IMSVA notifies administrators if it cannot send queries to the Virtual Analyzer server because of a network issue, however, the notifications do not state the reason why it cannot send the queries. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This patch ensures that the notifications contain the reason why IMSVA cannot send queries to the Virtual Analyzer server. Issue 34 Sometimes, IMSVA may not able to use multiple LDAP servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: This patch ensures that IMSVA can use multiple LDAP servers. Issue 35: Sometimes, IMSVA may not able to quarantine certain types of email messages. If this happens, IMSVA keeps sending the email messages to the scanner for scanning. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This patch ensures that IMSVA can quarantine these email messages. Issue 36: Some modules in IMSVA 9.0 are affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: This patch updates these modules in IMSVA 9.0 to remove the vulnerabilities. Issue 37: The glibc module in IMSVA 9.0 is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: This patch updates the glibc module in IMSVA 9.0 to remove the vulnerability. Issue 38: Under certain extreme conditions, the tlsagent process may not be able to start successfully when users restart all IMSVA services. When this happens, IMSVA will not be able to receive email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 38: This patch ensures that the tlsagent process can start successfully when users restart all IMSVA services. Issue 39: An issue causes IMSVA to treat ATSE 9.860 as an older version of itself. As a result, the "password guessing" and "macro" detect features do not work properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 39: This patch ensures that IMSVA can detect the correct ATSE version. Issue 40: Users may not able to access the "Cloud Pre-Filter" page of the administrator console if IMSVA uses a proxy to connect to the Pre-Filter. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 40: This patch ensures that users can access the page without issues. Issue 41: Under certain extreme conditions, IMSVA may not be able to upload logs to the database, and when this happens, users will not be able to view logs on the console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 41: This patch ensures that IMSVA can successfully upload logs to the database. Issue 42: IMSVA may not be able to generate scheduled reports after users import the configuration from certain builds of IMSVA 8.2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 42: This patch ensures that IMSVA can successfully generate scheduled reports. Issue 43: Users may not able to set the "Scan Method" to Smart Scan when the current network connection is intermittent. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 43: This patch extends the timeout value to ensure that users can set the "Scan Method" to "Smart Scan" when the network connection is intermittent. Issue 44: When the protocol is set to "HTTPS" on the "Administration > IMSVA Configuration > Connections > Components" page, and the parent IMSVA is down, child IMSVA devices will not be able to query policies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 44: This patch ensures that child IMSVA devices function normally under any protocol even when the parent IMSVA is down. Issue 45: IMSVA may encounter a high CPU usage issue while scanning email messages that contain certain Microsoft Excel files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 45: This patch upgrades the eManager module to resolve the issue. Issue 46: When the log rotation cycle is set to "0", IMSVA rotates the "msgtra.imss.*" log file every minute. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 46: This patch ensures that IMSVA rotates the "msgtra.imss.*" log file correctly. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining IMSVA. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying IMSVA. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining IMSVA. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ======================================================================== Install IMSVA 9.0 before installing this patch. You can download this package from: http://www.trendmicro.com/download/ 5. Installation ======================================================================== NOTE: You must install this patch on all computers running IMSVA if you are using distributed deployment mode. 5.1 Installing ===================================================================== To install this patch: 1. Log on to the IMSVA web management console. 2. Click "Administration > Updates > System & Applications". 3. Select the patch package and upload it. 4. After a few minutes, check the latest uploaded package information to make sure the management console successfully uploaded the patch package to IMSVA. 5. If you have set up a group of IMSVA devices, select all child devices in the "Current status" section. Otherwise, select the parent device. 6. Click the "Update" button. 7. If a group has been set up, wait for all child devices to finish updating before selecting the parent device in the "Current status" section. Otherwise, go to step 10. 8. Click the "Update" button. 9. Wait for a few minutes and log on to the IMSVA web management console again. 10. Click "Administration > Updates > System & Applications". 11. Ensure that the "OS version"/"Application version" values for all items in the "Current status" section matches this patch version: OS Version: 2.6.32 Application Version: 9.0.0.1623 5.2 Uninstalling ===================================================================== To roll back to the previous configuration: 1. Log on to the IMSVA web management console. 2. Click "Administration > Updates > System & Applications". 3. Under "Host Name", click the name of the device you want to view. A summary screen appears, showing the updates and related log information. 4. Click "Rollback" to remove an update. 6. Post-installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== There are no known issues for this release. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 8.1 Patch 1 ===================================================================== 8.1.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: WRS newborn URLs - Patch 1 enables IMSVA 9.0 to use WRS and ERS information to scan email messages. This improves its ability to handle WRS newborn URLs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To disable this feature: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "general" section and set its value to "no". [general] use_new_born_for_spam = no NOTE: The default value of this key is "yes" which enables the feature. d. Save the changes and close the file. e. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 2: Simple Network Management Protocol - Patch 1 allows users to set which version of Simple Network Management Protocol (SNMP) should IMSVA 9.0 use to send SNMP trap messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To set the SNMP version for sending SNMP trap messages: a. Log on to the IMSVA admin console. b. Go to the "Administration > Notifications > Delivery Settings" page. c. Select the preferred version from the drop down list for "SNMP version". NOTE: This is set to "SNMPv1" by default. d. Click the "Save" button. Enhancement 3: Case Diagnostic Tool - Patch 1 adds more information to Case Diagnostic Tool (CDT) logs to help users in troubleshooting issues. Enhancement 4: LDAPS Encryption - Patch 1 enables IMSVA 9.0 to use LDAPS to encrypt LDAP communications. NOTE: Please contact Trend Micro Support for the steps to enable this feature. Enhancement 5: Virtual Analyzer - Patch 1 enables IMSVA 9.0 to support the asynchronization integration mode for Virtual Analyzer. In asynchronization mode, if an email message is marked as suspicious by the ATSE or SNAP engine, the email sample will be able to trigger scan conditions immediately without waiting for the evaluation result from Virtual Analyzer. IMSVA 9.0 will still send a copy of the email sample to Virtual Analyzer for further analysis and will add the information to the corresponding policy event log once it receives the results. If IMSVA is configured to send true file types to Virtual Analyzer for analysis and the email sample does not trigger a scan condition, IMSVA will still send the email sample to Virtual Analyzer for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 5: To change Virtual Analyzer integration mode: a. Connect to the database using the following command on the parent device: /opt/trend/imss/PostgreSQL/bin/psql imss sa b. Open the "Mail Areas & Queues Management > Virtual Analyzer" page of the admin console and ensure that Trend Micro Deep Discovery Analyzer is not processing email messages. NOTE: Deep Discovery Analyzer should not be processing email messages while switching integration modes. c. Modify or insert the value of "dda_int_mode" to one of the following mode: 0 = synchronization mode (default) 1 = asynchronization mode For example, to enable asynchronization mode for the first time, run the following command (wrap the command in one line): insert into tb_global_setting values('dda', 'dda_int_mode', 1,'imss.ini'); If the key already exists, change the value to the preferred mode, in this case asynchronization mode: update tb_global_setting set value=1 where section='dda' and name='dda_int_mode' d. Exit the database console using the following command: \q e. Restart scanner service using the following command: /opt/trend/imss/script/imssctl.sh restart Enhancement 6: Virtual Analyzer - Patch 1 enables IMSVA 9.0 to support multiple servers for Virtual Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To configure multiple Virtual Analyzer servers: a. Go to "Administration > Virtual Analyzer Settings" on the IMSVA management console and select "Submit email messages to Virtual Analyzer". b. Connect to the database using the following command on the parent device: /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Enable the multiple Virtual Analyzer feature by running the following command (in a single line): insert into tb_global_setting values('dda', 'enable_multi_dda','1','imss.ini',''); d. Specify the total number of Virtual Analyzer servers by running the following command (in a single line): insert into tb_global_setting values('dda', 'dda_num','N','imss.ini',''); NOTE: "N" is the number of Virtual Analyzer servers. e. Insert the information for each Virtual Analyzer server in the database by running each command in a single line for each server: insert into tb_global_setting values('dda', 'dda_host_x','V1','imss.ini',''); insert into tb_global_setting values('dda', 'dda_port_x','V2','imss.ini',''); insert into tb_global_setting values('dda', 'dda_apikey_x','V3','imss.ini',''); insert into tb_global_setting values('dda', 'dda_pref_x','V4','imss.ini',''); NOTES: - "X" is an integer between 1 and N, and should start from 1. - "V1" is the server host and can be an FQDN or IP address. - "V2" is the server's listening port. - "V3" is the API key that the server generates. - "V4" is the order of preference (priority) that the server is to be used and should be a positive integer. Lower values mean higher priority. For example, if you added two Virtual Analyzer servers, the following information should be recorded in the database: # select * from tb_global_setting where section='dda'; section| name | value |inifile |notes -------+------------ +----------------------------------+--------+----- dda |dda_apikey_1 |5EFBB869-D51A-46A1-8434-1111111111|imss.ini| dda |dda_apikey_2 |5EFBB869-D51A-46A1-8434-1111111112|imss.ini| dda |dda_enabled |1 |imss.ini| dda |dda_host_1 |192.168.1.1 |imss.ini| da |dda_host_2 |192.168.1.2 |imss.ini| dda |dda_num |2 |imss.ini| dda |dda_port_1 |443 |imss.ini| dda |dda_port_2 |443 |imss.ini| dda |dda_pref_1 |10 |imss.ini| dda |dda_pref_2 |20 |imss.ini| dda |enable_multi_dda|1 |imss.ini| f. Exit the database console using the following command: \q g. Restart the dtasagent service using the following command: S99DTASAGENT restart Enhancement 7: True File Type Detection - Patch 1 enables users to configure IMSVA 9.0 to detect true file types that are encoded and inserted into an email body. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To configure IMSVA 9.0 to detect true file types that are encoded and inserted into an mail body: a. Open the "imss.ini" file in the"/opt/trend/imss/ config" folder using a text editor. b. Add the following setting under the "general" section and set its value to "yes". [general] AllowScanEmbeddedBase64Attachment=yes NOTE: This key is disabled by default. Setting the key to "yes" enables the feature while setting the key to "no" or removing the key disables the feature. c. Save the changes and close the file. d. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 8: Spam Rule Settings - Enabling the "spam_threshold_special" hidden key in IMSVA 9.0 allows users to set the spam rule settings to accept values from 3 to 99. Patch 1 enables users to set the spam rule settings to any value from 0 to 99. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To enable this option: a. On the IMSVA console, connect to the database using the following command below: /opt/trend/imss/PostgreSQL/bin/psql imss sa b. Modify or insert the "spam_threshold_special" key and set the preferred value by running one of the following commands in a single line: To insert the hidden key: insert into tb_global_setting values ('general', 'spam_threshold_special', 'x','imss.ini',' '); To change the value of the key: update tb_global_setting set value='x' where name= 'spam_threshold_special' and section='general'; Where "x" is: 0 = allows values from 3 to 10 (default) 1 = allows values from 0 to 99 NOTE: Trend Micro does not recommend enabling this hidden key unless the change is necessary. c. Exit the database console using the following command: \q Enhancement 9: Policy Server- Patch 1 enhances the exception- handling capability of the IMSVA policy server. Enhancement 10: MTA Connection - While connected to the primary MTA, IMSVA automatically tests the connection to the next MTA as it receives email messages. As a result, the next MTA may receive a large number of test connections from IMSVA but does nothing. Patch 1 enables IMSVA 9.0 to check the connection to the next MTA periodically instead of each time it receives an email message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 10: To configure this feature: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "delivery_policy_server" section and set the checking interval in seconds. For example, to enable IMSVA to test the connection every minute, set: [delivery_policy_server] test_connect_expiry_time=60 NOTE: The default value of this key is "30". Setting this key to "0" disables the feature and allows IMSVA to test the connection to the next MTA each time it receives an email message. c. Save the changes and close the file. d. Restart delivery service using the following command: /opt/trend/imss/script/S99DELIVERY restart Enhancement 11: EUQ Authentication - When the EUQ authentication is through OpenLDAP, users need to use the full distinguished name to log on to the EUQ web management console. Patch 2 enables end users to configure IMSVA to accept other attributes to log in. When this function is enabled, IMSVA will search for the distinguished name that corresponds to the given attribute. If the search comes up with several distinguished names, IMSVA will use the first one on the list to logon to the EUQ web management console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 11: To enable this feature: a. Open the "ldapscript.conf" file in the "/opt/trend/imss/ldap/openldap/" folder using a text editor. b. Set "ldap_attr_user_name" to the preferred attribute. For example, to use UID, set "ldap_attr_user_name=uid" NOTE: Please contact Trend Micro Support to confirm if other attributes are supported. c. Save the changes and close the file. d. Restart scanner service using the following command: /opt/trend/imss/script/imssctl.sh restart Enhancement 12: ATSE - Patch 1 enables the ATSE in IMSVA to detect macro threats in messages when Virtual Analyzer is enabled and to send suspicious messages to Deep Discovery Advisor for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 12: To enable this option: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "general" section and set its value to "1": [general] atse_afi_macro_detect=1 NOTE: To disable the feature, set "atse_afi_macro_detect=0" which is the default value. c. Save the changes and close the file. d. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 13: WRS Server - Patch 1 adds a backup server for WRS queries. IMSVA will failover to this server if it cannot connect the primary WRS server. Enhancement 14: Ransomware Detection - Patch 1 enables IMSVA 9.0 to detect and display websites under the Ransomware category which should contain sites that directly or indirectly facilitate the distribution of ransomware. Users can query this information through the "Logs > Query > Policy events > Web Reputation > Internet Security > Ransomware" page of the IMSVA console. Enhancement 15: LDAP Query - The default timeout that IMSVA uses to query LDAP is 20 seconds. Patch 1 enables users to set a preferred timeout value. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 15: To enable this option: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "LDAP-Setting" section and set its value to the preferred timeout value in seconds: [LDAP-Setting] optTimelimit=360 c. Save the changes and close the file. d. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 16: TLS Protocol - Patch 1 enables IMSVA to support TLS 1.2. Enhancement 17: Cloud Pre-Filter Policy - When creating a Cloud Pre-Filter Policy, IMSVA only allows users to specify a domain, for example "example.com". Patch 1 enables IMSVA to support one-level sub-domains such as "*.example.com". When the "Valid Recipient check" feature is enabled, IMSVA will sync all the email addresses under this sub-domain. Enhancement 18: IBE-encrypted Messages - Patch 1 enables IMSVA to scan IBE-encrypted messages as normal messages when it cannot decrypt these messages. Enhancement 19: EUQ Digest - Patch 1 enables IMSVA to be able to change the EUQ link in digest messages from HTTPS to HTTP when user configure the EUQ console to use HTTP. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 19: To disable this feature: a. Login to PostgreSQL by running the following command. /opt/trend/imss/PostgreSQL/bin/psql imss sa b. Insert a flag into the "tb_global_setting" table by running the following command. insert into tb_global_setting values ('euq','euq_digest_SCHEME','http','imss.ini',''); NOTE: this feature is enabled by default. c. Log off from PostgreSQL by running the following command. \q Enhancement 20: Patch 1 enables IMSVA 9.0 to add the file name of email attachments that have triggered the content filter rule in policy event logs that it sends to the Control Manager server. Enhancement 21: Email Scans - Patch 1 enables IMSVA 9.0 to use a password-guessing function when scanning parts of an email body that commonly contain passwords. NOTE: This enhancement requires ATSE engine version 9.755.1246 and above. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 22: To enable this feature: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "general" section and set its value to "1". [general] atse_password_guessing=1 NOTE: The default value of this key is "0" which disables the feature. c. Save the changes and close the file. d. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart 8.1.2 Resolved Known Issues ===================================================================== IMSVA 9.0 Patch 1 resolves the following issues: Issue 1: A red icon appears on the main page of the IMSVA admin console if some features were not activated by a Product License. This may make users think that an error has occurred. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: Patch 1 changes the color of the icon to blue. Issue 2: The EUQ console does not accept passwords that are longer than 32 characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: Patch 1 enables the EUQ console to accept passwords up to 64 characters long. Issue 3: While checking if it needs to send out EUQ digest notifications, IMSVA 9.0 may export some information twice. When this happens, it may export the wrong information on the second instance. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: Patch 1 ensures that IMSVA 9.0 exports information only when necessary. Issue 4: IMSVA 9.0 may encounter performance issues after users enable a compliance rule that contains several templates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: Patch 1 upgrades the eManager module in IMSVA 9.0 to resolve the performance issue. Issue 5: The smtpd process stops unexpectedly because IMSVA does not generate a queue id when users configure a Postfix before-queue filter. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: Patch 1 ensures that IMSVA generates a queue ID when users configure a Postfix before-queue filter. Issue 6: When users import IMSVA 9.0 configuration files from computers running old platform versions, the database connection expire time setting is also imported. This is not necessary. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: Patch 1 ensures that IMSVA 9.0 only imports the necessary settings. Issue 7: There are some enhancements to the TMFBE module. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: Patch 1 updates the TMFBE module in IMSVA 9.0. Issue 8: Users cannot login to the EUQ console using passwords that contain a caret "^" when EUQ authentication is through an SMTP server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: Patch 1 ensures that users can log on to the EUQ console using passwords that contain a caret "^" when EUQ authentication is through an SMTP server. Issue 9: If users import configuration files from any lower IMSVA version to IMSVA 9.0, and in the old platform some policies in the "Administration > SMTP Routing > Domain-based Delivery" page contain uppercase records, IMSVA 9.0 will not be able to match these policies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: Patch 1 ensures that IMSVA 9.0 can correctly match policies under the scenario described above. Issue 10: The Smart Scan module may be affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: Patch 1 upgrades the Smart Scan module to resolve the vulnerability. Issue 11: Users may not be able to view certain email message formats in the "message tracking" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: Patch 1 ensures that users can query and view these email messages from the IMSVA 9.0 console. Issue 12: A log parsing function in IMSVA 9.0 may not be able to exit normally. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: Patch 1 ensures that the log parsing function exits normally. Issue 13: SNMP traps may contain the wrong OID identifier and source address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: Patch 1 ensures that SNMP traps contain the correct OID identifier and source address. Issue 14: The IMSVA "true file type" policy may not be able to detect certain types of 64-bit *.exe files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: Patch 1 ensures that the IMSVA 9.0 "true file type" policy correctly detects 64-bit *.exe files. Issue 15: Users may not able to query ERS logs when an email address in the sender or recipient field contains a single quote ("'"). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: Patch 1 ensures that IMSVA 9.0 can query ERS logs when an email address in the sender or recipient field contains a single quote "'". Issue 16: The "Total message count" information in "Traffic Summary" reports generated by IMSVA does not include the number of email messages that were rejected by ERS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: Patch 1 ensures that IMSVA includes the number of email messages rejected by ERS in the "Total message count" information on "Traffic Summary" reports. Issue 17: After applying patch 1523, users cannot view logs for reprocessed email messages in the "Logs > Query > System events > Admin activity" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: Patch 1 ensures that user can view the logs for reprocessed email messages in the "Logs > Query > System events > Admin activity" page. Issue 18: The "True file type" policy of IMSVA cannot detect executable files that were compressed in the ACE archive format. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: Patch 1 ensures that the IMSVA "true file type" policy can detect executable files that were compressed in the ACE archive format. Issue 19: When users click on "Save & Synchronize" and select multiple LDAPs on the "Administration > Connections > LDAP" page, the LDAP configurations will not be saved. This issue occurs when the users' LDAP contains invalid email attribute values. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: Patch 1 enables IMSVA to check if an email address is valid or not. If IMSVA detects an invalid email address, it skips the address and continues to synchronize other records. Issue 20: When an external client attempts to perform the "reply all" action on an encrypted email message, the original senders are not added to the recipient list in the "To" field. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: Patch 1 ensures that the original senders are included in the "To" field when users perform a "Reply all" action on an encrypted email message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 20: To enable this feature: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "general" section and set its value to "yes". It is disabled by default. [general] enableAddAllReceipts=yes c. Save the changes and close the file. d. Restart the scan service using the following command: /opt/trend/imss/script/S99IMSS restart Issue 21: The "/opt/trend/imss/temp" folder is mounted to a partition that may not have sufficient space for temporary files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: Patch 1 moves the temporary folder to a new location that has sufficient space to store temporary files. Issue 22: The "Attachment True File Type" filter does not recognize ACE archive files as compressed files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: Patch 1 enables the "Attachment True File Type" filter to classify ACE files as compressed files under the "All other types of compressed files" group. Issue 23: The "True file type > Java byte code" filter in IMSVA cannot detect Java Archive (.jar) files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: Patch 1 ensures that the "True file type" policy can detect .jar files. Issue 24: IMSVA may match some Microsoft-defined IDs to the "US: SSN (Social Security Number)" keyword. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: Patch 1 provides an option to configure IMSVA to skip ID-matching for certain keywords. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 24: To enable this feature: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "general" section and set its value to the key/keys that you want to skip separating each key with a semi-colon ";". This is disabled by default. [general] BypassKeywords=key1;key2 c. Save the changes and close the file. d. Restart the scan service using the following command: /opt/trend/imss/script/S99IMSS restart Issue 25: The glibc module in IMSVA 9.0 is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: Patch 1 updates the glibc module in IMSVA 9.0 to remove the vulnerability. Issue 26: There are issues related to the Python DNS third-party module. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: Patch 1 upgrades the Python DNS module to resolve these issues. Issue 27: The IMSVA Smart Scan feature uses an OpenSSL version that may be affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: Patch 1 updates the Smart Scan module to resolve the vulnerabilities. Issue 28: The "Password protected zip files (unscannable files)" filter cannot recognize password-protected ZIP files that are embedded in a Microsoft Word file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: Patch 1 enables the "Password protected zip files (unscannable files)" filter to recognize password- protected ZIP files embedded in Word files. Issue 29: Under certain conditions, the IMSVA TmFoxProxy process may trigger a high CPU usage issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: Patch 1 helps prevent the high CPU usage issue. Issue 30: The timestamps on the "Log Query" page of admin console are an hour behind the actual time in certain time zones. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: Patch 1 ensures that the timestamps on the "Log Query" page are in the correct time. Issue 31: When a policy rule is modified, the corresponding system event log shows the user account name "admin" but does not show the rule name. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: Patch 1 ensures that system event logs also show rule names. Issue 32: When users import spam email messages to the EUQ database in duplicate, users cannot delete the duplicate entries from the EUQ database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: Patch 1 ensures that users can successfully delete duplicate records from the EUQ database. Issue 33: IMSVA quarantines certain email messages unexpectedly because a blank expression in these email messages has been deleted by mistake. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: Patch 1 provides a way to disable a trimming mechanism to help ensure that blank expressions are not deleted by mistake and work normally in regular configuration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 33: To disable the mechanism: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "general" section and set its value to "no". [general] EnableTrimSpaceExpression=no NOTE: The default value of this key is "yes" which enables the mechanism. c. Save the changes and close the file. d. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Issue 34: IMSVA 9.0 continues to send notifications that it cannot connect to the database even after it has successfully reconnected with the database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: Patch 1 ensures that IMSVA 9.0 sends these notifications only when it cannot connect to the database. Issue 35: S99IMSS displays an error message although the daemon started successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: Patch 1 ensures that the script will show correct messages. Issue 36: Sometimes, users may click a spam rule's editing button on the "Policy List" page of the Admin UI repeatedly which may cause the approved sender list or blocked sender list of the rule to grow and exceed the 640 KB size limit. When this happens, the database and policy service may not work properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: Patch 1 resolves the issue by allowing IMSVA 9.0 to disable the edit ability of any spam rule if it detects that the rule's editing button has been clicked repeatedly. Issue 37: The attachment true file type filter does not support JavaScript(TM) file types ".js" and ".jse", but the following line in the IMSS Admin page indicates that it does: "Java byte code (.js .jse .cla. and .class)" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: Patch 1 resolves the issue by removing the unsupported file types ".js" and ".jse" from the line. Issue 38: The IMSVA "true file type" policy may not work on email messages if these contain an attachment that does not follow RFC standards. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 38: Patch 1 enables the IMSVA "true file type" filter to detect these email attachments to ensure that the "true file type" policy can be applied to the corresponding email messages. Issue 39: The IMSVA EUQ landing page is always displayed in English instead of in the browser's language setting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 39: Patch 1 ensures that the IMSVA EUQ landing page is displayed according to the browser's language setting. Issue 40: In IMSVA versions released before version 9.0, when an administrator configures the "Administration > SMTP Routing > Message Delivery" settings and input a fully-qualified domain name (FQDN) for the target "Server address", Postfix will try to query the MX record of the FQDN so that: - If the MX record exists, IMSVA will deliver the mail to the MX record. - If the MX record does not exist, IMSVA will try to query the corresponding A record and deliver the email to the A record. The IMSVA 9.0 GM build queries only the A record of the FQDN. This may cause email delivery issues when delivering messages between different IMSVA versions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 40: Patch 1 prevents delivery issues by making the following changes: - If a user imports configuration files from versions older than version 9.0 GM build, it will keep the same behavior as the previous version. - If a user adds a new delivery setting in IMSVA 9.0, the user has the option to configure IMSVA to query the MX record or A record. NOTE: This solution will be added to the repacked version of IMSVA 9.0 GM build so that upgrading to that repacked version also resolves the issue. Issue 41: The "Incoming Message Except" online help page (plcy_route_xcptns.html) is missing from the IMSVA 9.0 package. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 41: Patch 1 adds the missing file to ensure that the online help pages are complete. Issue 42: Some message digest algorithms are not supported during TLS communication in IMSVA 9.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 42: Patch 1 upgrades the OpenSSL version in IMSVA 9.0 to enable it to support these message digest algorithms. Issue 43: TLS policies that are configured for some IPV6 address formats may not work. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 43: Patch 1 ensures that IMSVA 9.0 supports TLS policies configured for IPV6 address formats. Issue 44: If Email Reputation or IP Profiler is enabled in IMSVA 9.0, IMSVA uses the FoxProxy module as an SMTP proxy to handle SMTP connections. FoxProxy may stop working if all of the following conditions are met: - Email Reputation or IP Profiler is enabled. - There is no known hosts setting. - An upstream MTA is trying to send multiple email messages in one TCP connection. This issue may cause email message delay. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 44: Patch 1 ensures that FoxProxy works normally. Issue 45: Users may not able to import configuration files to IMSVA 9.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 45: Patch 1 ensures that users can successfully import the correct configuration files to IMSVA 9.0. 9. Files Included in this Release ======================================================================== Filename Build No. ---------------------------------------------------------------- Apache 9.0.0.1623 Tomcat 9.0.0.1623 mod_jk.so 9.0.0.1623 QtEditAreaAction.class 9.0.0.1623 imss6Errors.properties 9.0.0.1623 imss6Errors_en.properties 9.0.0.1623 quarantines_settings_detail.jsp 9.0.0.1623 archive_settings_detail.jsp 9.0.0.1623 openssl1/libcrypto.so 9.0.0.1623 openssl1/libssl.so 9.0.0.1623 openssl1/libssl.so.1.0.0 9.0.0.1623 openssl1/libcrypto.so.1.0.0 9.0.0.1623 openssl1/c_rehash 9.0.0.1623 openssl1/openssl 9.0.0.1623 libFoxParser.so 9.0.0.1623 TmFoxProxy 9.0.0.1623 imssd 9.0.0.1623 libFilterAction.so 9.0.0.1623 libFilterVirus.so 9.0.0.1623 libImssRule.so 9.0.0.1623 MsgTracing-0.2-py2.6.egg 9.0.0.1623 MsgTracing-0.2-py2.6.egg-info 9.0.0.1623 MTASettingAction* 9.0.0.1623 Utility.class 9.0.0.1623 smtp_tls_certificate_add.jsp 9.0.0.1623 validation.jsp 9.0.0.1623 LdapUserWSAction.class 9.0.0.1623 dtasagent 9.0.0.1623 euqutil 9.0.0.1623 imssausched 9.0.0.1623 imssmgr 9.0.0.1623 libImssCommon.so 9.0.0.1623 libImssDAO.so 9.0.0.1623 libFilterWrs.so 9.0.0.1623 libFilterGraymail.so 9.0.0.1623 log_HourlyTableInitSP.sql 9.0.0.1623 MessageTracing.py 9.0.0.1623 SummaryPageAction.class 9.0.0.1623 libem_helpr.so 9.0.0.1623 libFilterEmgrPlugin.so 9.0.0.1623 libFilterAntiSpoof.so 9.0.0.1623 libtmmsg.so 9.0.0.1623 RuleAttribute.class 9.0.0.1623 imss.root 9.0.0.1623 root.res 9.0.0.1623 imss.dat 9.0.0.1623 received_ip_expression 9.0.0.1623 libcares.so.2 9.0.0.1623 libcrypto.so.4 9.0.0.1623 libcurl.so 9.0.0.1623 libEn_Utility.so 9.0.0.1623 libssl.so.4 9.0.0.1623 libSSO_PKIHelper.so 9.0.0.1623 libTrendAprWrapper.so 9.0.0.1623 imsscmagent 9.0.0.1623 libTmIbeCryptoSdk.so 9.0.0.1623 BifConnect.class 9.0.0.1623 BifConnect$1.class 9.0.0.1623 LogQueryMsgDAO.class 9.0.0.1623 LogQueryIpFilterAction.class 9.0.0.1623 LogQueryMsgAction.class 9.0.0.1623 LogQueryMTAAction.class 9.0.0.1623 LogQueryPolicyAction.class 9.0.0.1623 LogQuerySysAction.class 9.0.0.1623 ProcQueueQueryForm.class 9.0.0.1623 ProcQueueQueryAction.class 9.0.0.1623 QtQueryAction.class 9.0.0.1623 Constants.class 9.0.0.1623 imssDefine.properties 9.0.0.1623 type99.py 9.0.0.1623 test_spf.py 9.0.0.1623 spfquery.py 9.0.0.1623 spf.py 9.0.0.1623 ipaddr.py 9.0.0.1623 SPFPolicyd.py 9.0.0.1623 PrefilterDAO.class 9.0.0.1623 LdapCacheSync.class 9.0.0.1623 LdapCacheSync\$1.class 9.0.0.1623 RcptSync.class 9.0.0.1623 BackupAction.class 9.0.0.1623 BackupAction\$1.class 9.0.0.1623 ConnLDAPAction.class 9.0.0.1623 ConnLDAPAction\$1.class 9.0.0.1623 WizardActionAppliance.class 9.0.0.1623 WizardActionAppliance\$1.class 9.0.0.1623 dblog_janitor 9.0.0.1579 forceUpdate 9.0.0.1579 ibe_reg 9.0.0.1579 ibe_job_doer 9.0.0.1623 ibe_job_getter 9.0.0.1623 ibes 9.0.0.1623 imssps 9.0.0.1623 wrsagent 9.0.0.1623 imssmgrmon 9.0.0.1623 libFilterDkimEF.so 9.0.0.1623 libImssEncrypt.so 9.0.0.1623 libImssCrypto.so 9.0.0.1623 libIMSSjni.so 9.0.0.1623 libImssPolicy.so 9.0.0.1623 libPolicyCaller.so 9.0.0.1623 libPolicyUtility.so 9.0.0.1623 libProductLibrary.so 9.0.0.1623 dbscript.conf 9.0.0.1623 logs_query_details.jsp 9.0.0.1623 logs_query_policyevent.jsp 9.0.0.1623 LogQueryPolicyForm.class 9.0.0.1623 LogQueryPolDAO.class 9.0.0.1623 PolicyLogrec.class 9.0.0.1623 PolicyLogs.class 9.0.0.1623 RansomwareDetectionXML.class 9.0.0.1623 RansomwareDetectionDAO.class 9.0.0.1623 RansomwareDetectionInfo.class 9.0.0.1623 SummaryShowWidgets.class 9.0.0.1623 imsa8summarywidgets.properties 9.0.0.1623 imsa8summarywidgets_en.properties 9.0.0.1623 imss6Logs.properties 9.0.0.1623 imss6Logs_en.properties 9.0.0.1623 imss6Sql.properties 9.0.0.1623 struts-config-summary.xml 9.0.0.1623 pageSettings.js 9.0.0.1623 Proxy.php 9.0.0.1623 en_US.xml 9.0.0.1623 module.js 9.0.0.1623 modImsvaRansomwareWidget/* 9.0.0.1623 LogsBase.class 9.0.0.1573 EuqHttpFilter.class 9.0.0.1623 LoginAction.class 9.0.0.1623 libEUQjni.so 9.0.0.1623 EuqGlobalSetting.class 9.0.0.1623 SessionFilter.class 9.0.0.1623 ldaprep-0.1-py2.6.egg 9.0.0.1623 ldaprep-0.1-py2.6.egg-info 9.0.0.1623 S99TLSAGENT 9.0.0.1623 glibc-2.12-1.166.el6_7.7.i686.rpm 9.0.0.1623 glibc-2.12-1.166.el6_7.7.x86_64.rpm 9.0.0.1623 glibc-common-2.12-1.166.el6_7.7.x86_64.rpm 9.0.0.1623 CertUtils.class 9.0.0.1623 CertUtils$1.class 9.0.0.1623 CertUtils$SavingTrustManager.class 9.0.0.1623 imp_exp 9.0.0.1623 tables.lua 9.0.0.1623 libcme_dll.so 9.0.0.1623 libcme_vxe_dll.so 9.0.0.1623 libcme_vxe_dll_static.so 9.0.0.1623 tmpeEnum.xml 9.0.0.1623 DLPExpressionInterface.class 9.0.0.1623 libdtsearch.so 9.0.0.1623 imsstasks 9.0.0.1549 certagent 9.0.0.1549 imss6UIEvtLogs_ja.properties 9.0.0.1549 S99IMSS 9.0.0.1549 policy_home.jsp 9.0.0.1549 libTmFoxSocketLib.so 9.0.0.1549 imss6Policy.properties 9.0.0.1549 imss6Policy_en.properties 9.0.0.1549 imss6Policy_ja.properties 9.0.0.1549 RecipientParser.class 9.0.0.1549 RecipientParser$RecipientContentHandler.class 9.0.0.1549 Recipient.class 9.0.0.1549 RcptSyncAction.class 9.0.0.1549 Query.class 9.0.0.1549 EmailSync.class 9.0.0.1549 DomainEmail.class 9.0.0.1549 BatchFormatter.class 9.0.0.1549 AddDomainAction.class 9.0.0.1549 add_domain_name_dst.jsp 9.0.0.1549 libICRCHdler.so 9.0.0.1549 tlsagent 9.0.0.1549 apache.sh 9.0.0.1549 Apache.sh 9.0.0.1549 postalias 9.0.0.1549 postcat 9.0.0.1549 postconf 9.0.0.1549 postdrop 9.0.0.1549 postfix 9.0.0.1549 postkick 9.0.0.1549 postlock 9.0.0.1549 postlog 9.0.0.1549 postmap 9.0.0.1549 postmulti 9.0.0.1549 postqueue 9.0.0.1549 postsuper 9.0.0.1549 sendmail 9.0.0.1549 anvil 9.0.0.1549 bounce 9.0.0.1549 cleanup 9.0.0.1549 discard 9.0.0.1549 error 9.0.0.1549 flush 9.0.0.1549 lmtp 9.0.0.1549 local 9.0.0.1549 master 9.0.0.1549 nqmgr 9.0.0.1549 oqmgr 9.0.0.1549 pickup 9.0.0.1549 pipe 9.0.0.1549 postfix-files 9.0.0.1549 postfix-script 9.0.0.1549 postfix-wrapper 9.0.0.1549 post-install 9.0.0.1549 postmulti-script 9.0.0.1549 proxymap 9.0.0.1549 qmgr 9.0.0.1549 qmqpd 9.0.0.1549 scache 9.0.0.1549 showq 9.0.0.1549 smtp 9.0.0.1549 smtpd 9.0.0.1549 spawn 9.0.0.1549 tlsmgr 9.0.0.1549 trivial-rewrite 9.0.0.1549 verify 9.0.0.1549 virtual 9.0.0.1549 smart_reporter 9.0.0.1549 Base.py 9.0.0.1549 Class.py 9.0.0.1549 __init__.py 9.0.0.1549 lazy.py 9.0.0.1549 Lib.py 9.0.0.1549 Opcode.py 9.0.0.1549 Status.py 9.0.0.1549 Type.py 9.0.0.1549 win32dns.py 9.0.0.1549 imsa8WrsCategory.properties 9.0.0.1549 imsa8WrsCategory_en.properties 9.0.0.1549 rule_attr_true_file.jsp 9.0.0.1549 american-name.txt 9.0.0.1549 libdlpEngine.so.0 9.0.0.1549 libEmExpression.so 9.0.0.1549 imssdps 9.0.0.1549 tmpe.pol 9.0.0.1549 spanish-name.txt 9.0.0.1549 UpdateDlpTemplate.sh 9.0.0.1549 UpdateDlpTemplate.class 9.0.0.1549 initFileAttribute.jsp 9.0.0.1549 dlp_CTL.sql 9.0.0.1549 mdalog_parser 9.0.0.1549 smtp_tls_ca_certificate_import.jsp 9.0.0.1549 smtp_tls_certificate_import.jsp 9.0.0.1549 smtp_tls_policy_import.jsp 9.0.0.1549 keywordListEdit.jsp 9.0.0.1549 deferred_query.jsp 9.0.0.1549 quarantines_archive.jsp 9.0.0.1549 quarantines_postpone.jsp 9.0.0.1549 quarantines_query.jsp 9.0.0.1549 help.html 9.0.0.1549 libTMNotify.so 9.0.0.1549 libTMNotifymt.so 9.0.0.1549 IMSVA8-V2.mib 9.0.0.1549 RuleAttrSpamAction.class 9.0.0.1549 libtmfbeng.so 9.0.0.1549 ProcQueueQueryDAO.class 9.0.0.1549 QtLogrec.class 9.0.0.1549 QtQueryDAO.class 9.0.0.1549 procqueue_query_detail.jsp 9.0.0.1549 procqueue_query_results.jsp 9.0.0.1549 imssctl.sh 9.0.0.1549 rt_GenMailTrafficSP.sql 9.0.0.1549 create.sql 9.0.0.1549 imssOLH.properties 9.0.0.1549 imssOLH_en.properties 9.0.0.1549 libssl3.so 9.0.0.1549 libsqlite3.so 9.0.0.1549 libsoftokn3.so 9.0.0.1549 DeliveryPolicy.class 9.0.0.1549 DeliveryPolicyDAO.class 9.0.0.1549 imss6System.properties 9.0.0.1549 imss6System_en.properties 9.0.0.1549 struts-config-system.xml 9.0.0.1549 smtp_delivery_detail.jsp 9.0.0.1549 pack_tool 9.0.0.1549 libem_debug.so 9.0.0.1549 login.jsp 9.0.0.1549 c1_notification.jsp 9.0.0.1549 ExInterface_IMSVA.ini 9.0.0.1549 ibe_license.jsp 9.0.0.1549 icon_notactivated.png 9.0.0.1549 iframe_widget.jsp 9.0.0.1549 NotiSetting.class 9.0.0.1549 NotiSettingsAction.class 9.0.0.1549 prefilter_license.jsp 9.0.0.1549 product_reg_page.jsp 9.0.0.1549 summ_activity.jsp 9.0.0.1549 summ_realtime.jsp 9.0.0.1549 summ_system.jsp 9.0.0.1549 sys_noti_settings.jsp 9.0.0.1549 TmLicense.class 9.0.0.1549 WizardAction.class 9.0.0.1549 Online help 9.0.0.1549 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, InterScan, Control Manager, Data Loss Prevention, eManager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide