<<<>>> Trend Micro, Inc. November 19, 2015 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Messaging Security Virtual Appliance 9.0 Patch 1 - Build 1549 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's web site for documentation updates at: http://www.trendmicro.com/download/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro web site. Register during installation or online at: http://olr.trendmicro.com/ Contents =================================================================== 1. About InterScan Messaging Security Virtual Appliance 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-installation Configuration 7. Known Issues 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About InterScan Messaging Security Virtual Appliance ======================================================================== InterScan Messaging Security Virtual Appliance (IMSVA) integrates multi-tiered spam prevention and anti-phishing with award-winning antivirus and anti-spyware. Content-filtering enforces compliance and prevents data leakage. This easy-to-deploy appliance is delivered on a highly scalable platform with centralized management, providing easy administration. Optimized for high performance and continuous security, the appliance provides comprehensive gateway email security. 1.1 Overview of this Release ===================================================================== This patch release includes all hot fixes after the release of IMSVA 9.0 GM Build 1383. 1.2 Who Should Install this Release ===================================================================== Install this patch if you are currently running any package released before IMSVA 9.0 Build 1549. 2. What's New ======================================================================== Note: Please install the patch before completing any procedures in this section (see "Installation"). This patch addresses the following issues and includes the following enhancements: 2.1 Enhancements ==================================================================== The following enhancements are included in this patch: Enhancement 1: This patch enables IMSVA 9.0 to use Web Reputation Service (WRS) and Email Reputation Service (ERS) information to scan email messages that improves its ability to handle WRS newborn URLs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To disable this feature: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set its value to "no". [general] use_new_born_for_spam = no Note: The default value of this key is "yes" which enables the feature. d. Save the changes and close the file. e. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 2: This patch allows users to set which version of SNMP should IMSVA 9.0 use to send SNMP trap messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To set the SNMP version for sending SNMP trap messages: a. Install this patch (see "Installation"). b. Log on to the IMSVA admin console. c. Go to the "Administration > Notifications > Delivery Settings" page. d. Select the preferred version from the drop down list for "SNMP version". Note: This is set to "SNMPv1" by default. e. Click the "Save" button. Enhancement 3: This patch adds more information to Case Diagnostic Tool (CDT) logs to help users in troubleshooting issues. Enhancement 4: This patch enables IMSVA 9.0 to use LDAPS to encrypt LDAP communications. Note: Please contact Trend Micro Support for the steps to enable this feature. Enhancement 5: This patch enables IMSVA 9.0 to support the asynchronization integration mode for Virtual Analyzer. In asynchronization mode, if an email message is marked as suspicious by the ATSE or SNAP engine, the email sample will be able to trigger scan conditions immediately without waiting for the evaluation result from Virtual Analyzer. IMSVA 9.0 will still send a copy of the email sample to Virtual Analyzer for further analysis and will add the information to the corresponding policy event log once it receives the results. If IMSVA is configured to send true file types to Virtual Analyzer for analysis and the email sample does not trigger a scan condition, IMSVA will still send the email sample to Virtual Analyzer for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 5: To change Virtual Analyzer integration mode: a. Install this patch (see "Installation"). b. Connect to the database using the following command on the parent device: /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Open the "Mail Areas & Queues Management > Virtual Analyzer" page of the admin console and ensure that Trend Micro Deep Discovery Analyzer is not processing email messages. Note: Deep Discovery Analyzer should not be processing email messages while switching integration modes. d. Modify or insert the value of "dda_int_mode" to one of the following mode: 0 = synchronization mode (default) 1 = asynchronization mode For example, to enable asynchronization mode for the first time, run the following command (wrap the command in one line): insert into tb_global_setting values('dda', 'dda_int_mode', 1,'imss.ini'); If the key already exists, change the value to the preferred mode, in this case asynchronization mode: update tb_global_setting set value=1 where section='dda' and name='dda_int_mode' e. Exit the database console using the following command: \q f. Restart scanner service using the following command: /opt/trend/imss/script/imssctl.sh restart Enhancement 6: This patch enables IMSVA 9.0 to support multiple servers for Virtual Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To configure multiple Virtual Analyzer servers: a. Install This patch (see "Installation"). b. Go to "Administration > Virtual Analyzer Settings" on the IMSVA management console and select "Submit email messages to Virtual Analyzer". c. Connect to the database using the following command on the parent device: /opt/trend/imss/PostgreSQL/bin/psql imss sa d. Enable the multiple Virtual Analyzer feature by running the following command (in a single line): insert into tb_global_setting values('dda', 'enable_multi_dda','1','imss.ini',''); e. Specify the total number of Virtual Analyzer servers by running the following command (in a single line): insert into tb_global_setting values('dda', 'dda_num','N','imss.ini',''); Note: "N" is the number of Virtual Analyzer servers. f. Insert the information for each Virtual Analyzer server in the database by running each command in a single line for each server: insert into tb_global_setting values('dda', 'dda_host_x','V1','imss.ini',''); insert into tb_global_setting values('dda', 'dda_port_x','V2','imss.ini',''); insert into tb_global_setting values('dda', 'dda_apikey_x','V3','imss.ini',''); insert into tb_global_setting values('dda', 'dda_pref_x','V4','imss.ini',''); Notes: - "X" is an integer between 1 and N, and should start from 1. - "V1" is the server host and can be an FQDN or IP address. - "V2" is the server's listening port. - "V3" is the API key that the server generates. - "V4" is the order of preference (priority) that the server is to be used and should be a positive integer. Lower values mean higher priority. For example, if you added two Virtual Analyzer servers, the following information should be recorded in the database: # select * from tb_global_setting where section='dda'; section| name | value |inifile |notes -------+------------ +----------------------------------+--------+----- dda |dda_apikey_1 |5EFBB869-D51A-46A1-8434-1111111111|imss.ini| dda |dda_apikey_2 |5EFBB869-D51A-46A1-8434-1111111112|imss.ini| dda |dda_enabled |1 |imss.ini| dda |dda_host_1 |192.168.1.1 |imss.ini| dda |dda_host_2 |192.168.1.2 |imss.ini| dda |dda_num |2 |imss.ini| dda |dda_port_1 |443 |imss.ini| dda |dda_port_2 |443 |imss.ini| dda |dda_pref_1 |10 |imss.ini| dda |dda_pref_2 |20 |imss.ini| dda |enable_multi_dda|1 |imss.ini| g. Exit the database console using the following command: \q h. Restart the dtasagent service using the following command: S99DTASAGENT restart Enhancement 7: This patch enables users to configure IMSVA 9.0 to detect true file types that are encoded and inserted into an email body. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To configure IMSVA 9.0 to detect true file types that are encoded and inserted into an mail body: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the"/opt/trend/imss/ config" folder using a text editor. c. Add the following setting under the "general" section and set its value to "yes". [general] AllowScanEmbeddedBase64Attachment=yes Note: This key is disabled by default. Setting the key to "yes" enables the feature while setting the key to "no" or removing the key disables the feature. d. Save the changes and close the file. e. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 8: Enabling the "spam_threshold_special" hidden key in IMSVA 9.0 allows users to set the spam rule settings to accept values from 3 to 99. This patch enables users to set the spam rule settings to any value from 0 to 99. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To enable this option: a. Install This patch (see "Installation"). b. On the IMSVA console, connect to the database using the following command below: /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Modify or insert the "spam_threshold_special" key and set the preferred value by running one of the following commands in a single line: To insert the hidden key: insert into tb_global_setting values ('general', 'spam_threshold_special', 'x','imss.ini',' '); To change the value of the key: update tb_global_setting set value='x' where name= 'spam_threshold_special' and section='general'; Where "x" is: 0 = allows values from 3 to 10 (default) 1 = allows values from 0 to 99 Note: Trend Micro does not recommend enabling this hidden key unless the change is necessary. d. Exit the database console using the following command: \q Enhancement 9: This patch updates the "DLP Compliance Templates" and "DLP Data Identifiers" from version 3.0 to version 3.1. Note: The new templates and identifiers will work only in IMSVA 9.0 builds higher than 1528 and will not work if you rollback This patch. Enhancement 10: This patch enhances the exception-handling capability of the IMSVA policy server. Enhancement 11: While connected to the primary mail transfer agent (MTA), IMSVA automatically tests the connection to the next MTA as it receives email messages. As a result, the next MTA may receive a large number of test connections from IMSVA but does nothing. This patch enables IMSVA 9.0 to check the connection to the next MTA periodically instead of each time it receives an email message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 11: To configure this feature: a. Install This patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "delivery_policy_server" section and set the checking interval in seconds. For example, to enable IMSVA to test the connection every minute, set: [delivery_policy_server] test_connect_expiry_time=60 Note: The default value of this key is "30". Setting this key to "0" disables the feature and allows IMSVA to test the connection to the next MTA each time it receives an email message. c. Save the changes and close the file. e. Restart delivery service using the following command: /opt/trend/imss/script/S99DELIVERY restart Enhancement 12: When the End User Quarantine (EUQ) authentication is through OpenLDAP, users need to use the full distinguished name to log on to the EUQ web management console. This patch enables end users to configure IMSVA to accept other attributes to log in. When this function is enabled, IMSVA will search for the distinguished name that corresponds to the given attribute. If the search comes up with several distinguished names, IMSVA will use the first one on the list to logon to the EUQ web management console. Procedure 12: To enable this feature: a. Install This patch (see "Installation"). b. Open the "ldapscript.conf" file in the "/opt/trend/imss/ldap/openldap/" folder using a text editor. c. set the ldap_attr_user_name to the preferred attribute. For example, to use UID, set "ldap_attr_user_name=uid" Note: Please contact Trend Micro Support to confirm if other attributes are supported. c. Save the changes and close the file. e. Restart scanner service using the following /opt/trend/imss/script/imssctl.sh restart Enhancement 13: This patch enables the Advanced Threat Scan Engine in IMSVA to detect macro in messages when Virtual Analyzer is enabled and to send suspicious messages to Trend Micro Deep Discovery Advisor for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 13: To enable this option: a. Install This patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set its value to "1": [general] atse_afi_macro_detect=1 Note: To disable the feature, set "atse_afi_macro_detect=0" which is the default value. d. Save the changes and close the file. e. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 14: This patch adds a backup server for Web Reputation Services (WRS) queries. IMSVA will failover to this server if it cannot connect the primary WRS server. Enhancement 15: This patch enables IMSVA 9.0 to detect and display web sites under the Ransomware category which should contain sites that directly or indirectly facilitate the distribution of ransomware. Users can query this information through the "Logs > Query > Policy events > Web Reputation > Internet Security > Ransomware" page of the IMSVA console. Enhancement 16: The default timeout that IMSVA uses to query LDAP is 120 seconds. This patch enables users to set a preferred timeout value. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 16: To enable this option: a. Install This patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "LDAP-Setting" section and set its value to the preferred timeout value in seconds: [LDAP-Setting] optTimelimit=360 d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 18: This patch enables IMSVA to support version 1.2 of the Transport Layer Security (TLS) protocol. Enhancement 19: When creating a Cloud Pre-Filter Policy, IMSVA only allows users to specify a domain, for example "example.com". This patch enables IMSVA to support one-level sub-domains such as "*.example.com". When the "Valid Recipient check" feature is enabled, IMSVA will sync all the email addresses under this sub-domain. Enhancement 20: This patch enables IMSVA to scan IBE-encrypted messages as normal messages when it cannot decrypt these messages. Enhancement 21: This patch enables IMSVA to be able to change the EUQ link in digest messages from HTTPS to HTTP when user configure the EUQ consoled to use HTTP. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 21: To disable this feature: a. Install This patch (see "Installation"). b. Login to PostgreSQL by running the following command. /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Insert a flag into the "tb_global_setting" table by running the following command. insert into tb_global_setting values ('euq','euq_digest_SCHEME','http','imss.ini',''); Note: this feature is enabled by default. d. Log off from PostgreSQL by running the following command. \q Enhancement 22: This patch enables IMSVA 9.0 to add the file name of email attachments that have triggered the content filter rule in policy event logs that it sends to the Trend Micro Control Manager(TM) server. Enhancement 23: IMSVA now runs an updated version of Apache(TM) Tomcat(TM) which resolves some vulnerabilities in previous versions. Enhancement 24: IMSVA now runs an updated version of Apache which resolves some vulnerabilities in previous versions. Enhancement 25: IMSVA now runs an updated version of OpenSSL to resolve some vulnerabilities in previous versions. Enhancement 26: This hot fix enables IMSVA 9.0 to use a password-guessing function when scanning a parts of an email body that commonly contain passwords. Note: This enhancement requires ATSE engine version 9.755.1246 and above. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To enable this feature: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "general" section and set its value to "1". [general] atse_password_guessing=1 Note: The default value of this key is "0" which disables the feature. c. Save the changes and close the file. d. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart 2.2 Resolved Known Issues ===================================================================== IMSVA 9.0 Patch 1 resolves the following issues: Issue 1: A red icon appears on the main page of the InterScan Messaging Security Virtual Appliance (IMSVA) admin console if some features were not activated by a Product License. This may make users think that an error has occurred. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch changes the color of the icon to blue. ------------------------------------------------------------------- Issue 2: The End User Quarantine (EUQ) console does not accept passwords that are longer than 32 characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch enables the EUQ console to accept passwords up to 64 characters long. ------------------------------------------------------------------- Issue 3: While checking if it needs to send out EUQ digest notifications, IMSVA 9.0 may export some information twice. When this happens, it may export the wrong information on the second instance. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch ensures that IMSVA 9.0 exports information only when necessary. ------------------------------------------------------------------- Issue 4: IMSVA 9.0 may encounter performance issues after users enable a compliance rule that contains several templates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch upgrades the eManager(TM) module in IMSVA 9.0 to resolve the performance issue. ------------------------------------------------------------------- Issue 5: The smtpd process stops unexpectedly because IMSVA does not generate a queue id when users configure a Postfix before-queue filter. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch ensures that IMSVA generates a queue ID when users configure a Postfix before-queue filter. ------------------------------------------------------------------- Issue 6: When users import IMSVA 9.0 configuration files from computers running old platform versions, the database connection expire time setting is also imported. This is not necessary. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch ensures that IMSVA 9.0 only imports the necessary settings. ------------------------------------------------------------------- Issue 7: There are some enhancements to the TMFBE module. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch updates the TMFBE module in IMSVA 9.0. ------------------------------------------------------------------- Issue 8: Users cannot login to the EUQ console using passwords that contain a caret "^" when EUQ authentication is through an SMTP server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch ensures that users can log on to the EUQ console using passwords that contain a caret "^" when EUQ authentication is through an SMTP server. Issue 9: If users import configuration files from any lower InterScan Messaging Security Virtual Appliance (IMSVA) version to IMSVA 9.0, and in the old platform some policies in the "Administration > SMTP Routing > Domain-based Delivery" page contain uppercase records, IMSVA 9.0 will not be able to match these policies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch ensures that IMSVA 9.0 can correctly match policies under the scenario described above. ------------------------------------------------------------------- Issue 10: The OpenSSL version that is used in the Smart Scan module may be affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch upgrades the OpenSSL version in the Smart Scan module to resolve the vulnerability. ------------------------------------------------------------------- Issue 11: Users may not be able to view certain email message formats in the "message tracking" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch ensures that users can query and view these email messages from the IMSVA 9.0 console. ------------------------------------------------------------------- Issue 12: A log parsing function in IMSVA 9.0 may not be able to exit normally. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch ensures that the log parsing function exits normally. ------------------------------------------------------------------- Issue 13: SNMP traps may contain the wrong OID identifier and source address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch ensures that SNMP traps contain the correct OID identifier and source address. ------------------------------------------------------------------- Issue 14: The IMSVA "true file type" policy may not be able to detect certain types of 64-bit *.exe files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch ensures that the IMSVA 9.0 "true file type" policy correctly detects 64-bit *.exe files. ------------------------------------------------------------------- Issue 15: Users may not able to query Email Reputation Services (ERS) logs when an email address in the sender or recipient field contains a single quote ("'"). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch ensures that IMSVA 9.0 can query ERS logs when an email address in the sender or recipient field contains a single quote "'". Issue 16: The "Total message count" information in "Traffic Summary" reports generated by InterScan Messaging Security Virtual Appliance (IMSVA) does not include the number of email messages that were rejected by Email Reputation Services (ERS). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch ensures that IMSVA includes the number of email messages rejected by ERS in the "Total message count" information on "Traffic Summary" reports. ------------------------------------------------------------------- Issue 17: After applying hotfix 1523, users cannot view logs for reprocessed email messages in the "Logs > Query > System events > Admin activity" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch ensures that user can view the logs for reprocessed email messages in the "Logs > Query > System events > Admin activity" page. ------------------------------------------------------------------- Issue 18: The "True file type" policy of IMSVA cannot detect executable files that were compressed in the ACE archive format. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch ensures that the IMSVA "true file type" policy can detect executable files that were compressed in the ACE archive format. ------------------------------------------------------------------- Issue 19: When users click on "Save & Synchronize" and select multiple Lightweight Directory Access Protocols (LDAPs) on the "Administration > Connections > LDAP" page, the LDAP configurations will not be saved. This issue occurs when the users' LDAP contains invalid email attribute values. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch enables IMSVA to check if an email address is valid or not. If IMSVA detects an invalid email address, it skips the address and continues to synchronize other records. ------------------------------------------------------------------- Issue 20: When an external client attempts to perform the "reply all" action on an encrypted email message, the original senders are not added to the recipient list in the "To" field. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch ensures that the original senders are included in the "To" field when users perform a "Reply all" action on an encrypted email message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 20: To enable this feature: a. Install This patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set its value to "yes". It is disabled by default. [general] enableAddAllReceipts=yes d. Save the changes and close the file. e. Restart the scan service using the following command: /opt/trend/imss/script/S99IMSS restart ------------------------------------------------------------------- Issue 21: The "/opt/trend/imss/temp" folder is mounted to a partition that may not have sufficient space for temporary files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch moves the temporary folder to a new location that has sufficient space to store temporary files. ------------------------------------------------------------------- Issue 22: The "Attachment True File Type" filter does not recognize ACE archive files as compressed files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch enables the "Attachment True File Type" filter to classify ACE files as compressed files under the "All other types of compressed files" group. ------------------------------------------------------------------- Issue 23: The "True file type > Java byte code" filter in IMSVA cannot detect jar(Java(TM) Archive) files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This patch ensures that the "True file type" policy can detect jar files. ------------------------------------------------------------------- Issue 24: IMSVA may match some Microsoft(TM)-defined IDs to the "US: SSN (Social Security Number)" keyword. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This patch provides an option to configure IMSVA to skip ID-matching for certain keywords. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 24: To enable this feature: a. Install This patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set its value to the key/keys that you want to skip separating each key with a semi-colon ";". This is disabled by default. [general] BypassKeywords=key1;key2 d. Save the changes and close the file. e. Restart the scan service using the following command: /opt/trend/imss/script/S99IMSS restart ------------------------------------------------------------------- Issue 25: The glibc module in IMSVA 9.0 is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This patch updates the glibc module in IMSVA 9.0 to remove the vulnerability. ------------------------------------------------------------------- Issue 26: There are issues related to the Python DNS third-party module. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This patch upgrades the Python DNS module to resolve these issues. ------------------------------------------------------------------- Issue 27: The InterScan Messaging Security Virtual Appliance (IMSVA) Smart Scan feature uses an OpenSSL version that may affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This patch updates the Smart Scan module to resolve the vulnerabilities. ------------------------------------------------------------------- Issue 28: The "Password protected zip files (unscannable files)" filter cannot recognize password-protected ZIP files that are embedded in a Microsoft(TM) Word file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This patch enables the "Password protected zip files (unscannable files)" filter to recognize password- protected ZIP files embedded in Word files. ------------------------------------------------------------------- Issue 29: Under certain conditions, the InterScan Messaging Security Virtual Appliance (IMSVA) TmFoxProxy process may trigger a high CPU usage issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This patch helps prevent the high CPU usage issue. ------------------------------------------------------------------- Issue 29: The timestamps on the "Log Query" page of admin console are an hour behind the actual time in certain time zones. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This patch ensures that the timestamps on the "Log Query" page are in the correct time. ------------------------------------------------------------------- Issue 30: When a policy rule is modified, the corresponding system event log shows the user account name "admin" but does not show the rule name. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: This patch ensures that system event logs also show rule names. ------------------------------------------------------------------- Issue 31: When users import spam email messages to the End User Quarantine (EUQ) database in duplicate, users cannot delete the duplicate entries from the EUQ database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This patch ensures that users can successfully delete duplicate records from the EUQ database. ------------------------------------------------------------------- Issue 32: IMSVA quarantines certain email messages unexpectedly because a blank expression in these email messages has been deleted by mistake. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution32: This patch provides a way to disable a trimming mechanism to help ensure that blank expressions are not deleted by mistake and work normally in regular configuration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 32: To disable the mechanism: a. Install This patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set its value to "no". [general] EnableTrimSpaceExpression=no Note: The default value of this key is "yes" which enables the mechanism. d. Save the changes and close the file. e. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart ------------------------------------------------------------------- Issue 33: IMSVA 8.2 continues to send notifications that it cannot connect to the database even after it has successfully reconnected with the database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This patch ensures that IMSVA 8.2 sends these notifications only when it cannot connect to the database. ------------------------------------------------------------------- Issue 34: S99IMSS will show an error message although daemon started successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: This patch ensures that the script will show correct messages. ------------------------------------------------------------------- Issue 35: Sometimes, users may click a spam rule's editing button on the "Policy List" page of the Admin UI repeatedly which may cause the approved sender list or blocked sender list of the rule to grow and exceed the 640 KB size limit. When this happens, the database and policy service may not work properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This patch resolves the issue by allowing IMSVA 9.0 to disable the edit ability of any spam rule if it detects that the rule's editing button has been clicked repeatedly. ------------------------------------------------------------------- Issue 36: The attachment true file type filter does not support JavaScript(TM) file types ".js" and ".jse", but the following line in the IMSS Admin page indicates that it does: "Java byte code (.js .jse .cla. and .class)" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: This patch resolves the issue by removing the unsupported file types ".js" and ".jse" from the line. ------------------------------------------------------------------- Issue 37: The InterScan Messaging Security Virtual Appliance (IMSVA) "true file type" policy may not work on email messages if these contain an attachment that does not follow RFC standards. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: This patch enables the IMSVA "true file type" filter to detect these email attachments to ensure that the "true file type" policy can be applied to the corresponding email messages. ------------------------------------------------------------------- Issue 38: The IMSVA EUQ landing page is always displayed in English instead of in the browser's language setting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 38: This hot fix ensures that the IMSVA EUQ landing page is displayed according to the browser's language setting. ------------------------------------------------------------------- Issue 39: In IMSVA versions released before version 9.0, when an administrator configures the "Administration > SMTP Routing > Message Delivery" settings and input a fully-qualified domain name (FQDN) for the target "Server address", Postfix will try to query the MX record of the FQDN so that: - If the MX record exists, IMSVA will deliver the mail to the MX record. - If the MX record does not exist, IMSVA will try to query the corresponding A record and deliver the email to the A record. The IMSVA 9.0 GM build queries only the A record of the FQDN. This may cause email delivery issues when delivering messages between different IMSVA versions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 39: This hot fix prevents delivery issues by making the following changes: - If a user imports configuration files from versions older than version 9.0 GM build, it will keep the same behavior as the previous version. - If a user adds a new delivery setting in IMSVA 9.0, the user has the option to configure IMSVA to query the MX record or A record. Note: This solution will be added to the repacked version of IMSVA 9.0 GM build so that upgrading to that repacked version also resolves the issue. ------------------------------------------------------------------- Issue 40: The "Incoming Message Except" online help page (plcy_route_xcptns.html) is missing from the IMSVA 9.0 package. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 40: This hot fix adds the missing file to ensure that the online help pages are complete. ------------------------------------------------------------------- Issue 41: Some message digest algorithms are not supported during TLS communication in IMSVA 9.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 41: This hot fix upgrades the OpenSSL version in IMSVA 9.0 to enable it to support these message digest algorithms. ------------------------------------------------------------------- Issue 42: Transport Layer Security (TLS) policies that are configured for some IPV6 address formats may not work. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 42: This hot fix ensures that IMSVA 9.0 supports TLS policies configured for IPV6 address formats. ------------------------------------------------------------------- Issue 43: If Email Reputation or IP Profiler is enabled in IMSVA 9.0, IMSVA uses the FoxProxy module as an SMTP proxy to handle SMTP connections. FoxProxy may stop working if all of the following conditions are met: - Email Reputation or IP Profiler is enabled. - There is no known hosts setting. - An upstream MTA is trying to send multiple email messages in one TCP connection. This issue may cause email message delay. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 43: This hot fix ensures that FoxProxy works normally. ------------------------------------------------------------------- Issue 44: Users may not able to import configuration files to IMSVA 9.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 44: This hot fix ensures that users can successfully import the correct configuration files to IMSVA 9.0. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Administrator's Guide -- product overview, and configuration instructions, and basic information to get you "up and running." o Installation Guide -- deployment, installation, and integration information designed to help you install and access IMSVA. o Electronic versions of the printed manuals are available at: http://www.trendmicro.com/download/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== Install IMSVA 9.0 before installing this patch. You can download this package from: http://www.trendmicro.com/download/ 5. Installation/Uninstallation ======================================================================== Note: You must install this patch on all computers running IMSVA if you are using distributed deployment mode. 5.1 Installation ===================================================================== To install this patch: 1. Log on to the IMSVA web management console. 2. Click "Administration > Updates > System & Applications". 3. Select the patch package and upload it. 4. After a few minutes, check the latest uploaded package information to make sure the management console successfully uploaded the patch package to IMSVA. 5. If you have set up a group of IMSVA devices, select all child devices in the "Current status" section. Otherwise, select the parent device. 6. Click the "Update" button. 7. If a group has been set up, wait for all child devices to finish updating before selecting the parent device in the "Current status" section. Otherwise, go to step 10. 8. Click the "Update" button. 9. Wait for a few minutes and log on to the IMSVA web management console again. 10. Click "Administration > Updates > System & Applications". 11. Ensure that the "OS version"/"Application version" values for all items in the "Current status" section matches this patch version: OS Version: 2.6.32 Application Version: 9.0.0.1549 5.2 Uninstallation ===================================================================== To roll back to the previous configuration: 1. Log on to the IMSVA web management console. 2. Click "Administration > Updates > System & Applications". 3. Under "Host Name", click the name of the device you want to view. A summary screen appears, showing the updates and related log information. 4. Click "Rollback" to remove an update. 6. Post-installation Configuration ======================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== There are no known issues for this release. 8. Release History ======================================================================== See the following web site for more information about updates to this product: http://downloadcenter.trendmicro.com 9. Files Included in this Release ======================================================================== Filename Build No. ---------------------------------------------------------------- imssd 9.0.0.1549 imsstasks 9.0.0.1549 libFilterSpsTmase.so 9.0.0.1549 certagent 9.0.0.1549 MsgTracing-0.2-py2.6.egg 9.0.0.1549 MsgTracing-0.2-py2.6.egg-info 9.0.0.1549 imss6UIEvtLogs_ja.properties 9.0.0.1549 libEUQjni.so 9.0.0.1549 libFilterEmgrPlugin.so 9.0.0.1549 imssps 9.0.0.1549 S99IMSS 9.0.0.1549 policy_home.jsp 9.0.0.1549 libTmFoxSocketLib.so 9.0.0.1549 imss6Policy.properties 9.0.0.1549 imss6Policy_en.properties 9.0.0.1549 imss6Policy_ja.properties 9.0.0.1549 libProductLibrary.so 9.0.0.1549 validation.jsp 9.0.0.1549 RecipientParser.class 9.0.0.1549 RecipientParser$RecipientContentHandler.class 9.0.0.1549 Recipient.class 9.0.0.1549 RcptSyncAction.class 9.0.0.1549 RcptSync.class 9.0.0.1549 Query.class 9.0.0.1549 PrefilterDAO.class 9.0.0.1549 EmailSync.class 9.0.0.1549 DomainEmail.class 9.0.0.1549 BatchFormatter.class 9.0.0.1549 AddDomainAction.class 9.0.0.1549 add_domain_name_dst.jsp 9.0.0.1549 TmFoxProxy 9.0.0.1549 libICRCHdler.so 9.0.0.1549 libem_helpr.so 9.0.0.1549 UpdateDlpTemplate31From01to05_en.sql 9.0.0.1549 apply_db.sh 9.0.0.1549 libImssCommon.so 9.0.0.1549 tlsagent 9.0.0.1549 script/openssl 9.0.0.1549 script/c_rehash 9.0.0.1549 apache.sh 9.0.0.1549 Apache.sh 9.0.0.1549 openssl1/bin/openssl 9.0.0.1549 openssl1/bin/c_rehash 9.0.0.1549 openssl1/lib/libssl.so.1.0.0 9.0.0.1549 openssl1/lib/libssl.so.6 9.0.0.1549 openssl1/lib/libssl.so 9.0.0.1549 openssl1/lib/libcrypto.so.6 9.0.0.1549 openssl1/lib/libcrypto.so 9.0.0.1549 openssl1/lib/libcrypto.so.1.0.0 9.0.0.1549 postalias 9.0.0.1549 postcat 9.0.0.1549 postconf 9.0.0.1549 postdrop 9.0.0.1549 postfix 9.0.0.1549 postkick 9.0.0.1549 postlock 9.0.0.1549 postlog 9.0.0.1549 postmap 9.0.0.1549 postmulti 9.0.0.1549 postqueue 9.0.0.1549 postsuper 9.0.0.1549 sendmail 9.0.0.1549 anvil 9.0.0.1549 bounce 9.0.0.1549 cleanup 9.0.0.1549 discard 9.0.0.1549 error 9.0.0.1549 flush 9.0.0.1549 lmtp 9.0.0.1549 local 9.0.0.1549 master 9.0.0.1549 nqmgr 9.0.0.1549 oqmgr 9.0.0.1549 pickup 9.0.0.1549 pipe 9.0.0.1549 postfix-files 9.0.0.1549 postfix-script 9.0.0.1549 postfix-wrapper 9.0.0.1549 post-install 9.0.0.1549 postmulti-script 9.0.0.1549 proxymap 9.0.0.1549 qmgr 9.0.0.1549 qmqpd 9.0.0.1549 scache 9.0.0.1549 showq 9.0.0.1549 smtp 9.0.0.1549 smtpd 9.0.0.1549 spawn 9.0.0.1549 tlsmgr 9.0.0.1549 trivial-rewrite 9.0.0.1549 verify 9.0.0.1549 virtual 9.0.0.1549 smart_reporter 9.0.0.1549 Base.py 9.0.0.1549 Class.py 9.0.0.1549 __init__.py 9.0.0.1549 lazy.py 9.0.0.1549 Lib.py 9.0.0.1549 Opcode.py 9.0.0.1549 Status.py 9.0.0.1549 Type.py 9.0.0.1549 win32dns.py 9.0.0.1549 imsa8WrsCategory.properties 9.0.0.1549 imsa8WrsCategory_en.properties 9.0.0.1549 libcme_dll.so 9.0.0.1549 rule_attr_true_file.jsp 9.0.0.1549 american-name.txt 9.0.0.1549 libdlpEngine.so.0 9.0.0.1549 libEmExpression.so 9.0.0.1549 ldaprep-0.1-py2.6.egg-info 9.0.0.1549 ldaprep-0.1-py2.6.egg 9.0.0.1549 libImssDAO.so 9.0.0.1549 libFilterVirus.so 9.0.0.1549 libImssRule.so 9.0.0.1549 QtQueryAction.class 9.0.0.1549 libPolicyCaller.so 9.0.0.1549 libPolicyUtility.so 9.0.0.1549 libImssPolicy.so 9.0.0.1549 dtasagent 9.0.0.1549 imssmgr 9.0.0.1549 imssdps 9.0.0.1549 tmpeEnum.xml 9.0.0.1549 tmpe.pol 9.0.0.1549 spanish-name.txt 9.0.0.1549 libcme_vxe_dll.so 9.0.0.1549 libcme_vxe_dll_static.so 9.0.0.1549 UpdateDlpTemplate.sh 9.0.0.1549 UpdateDlpTemplate.class 9.0.0.1549 initFileAttribute.jsp 9.0.0.1549 DLPExpressionInterface.class 9.0.0.1549 dlp_CTL.sql 9.0.0.1549 UpdateDlp2Template31_en.sql 9.0.0.1549 dbscript.conf 9.0.0.1549 libtmmsg.so 9.0.0.1549 mdalog_parser 9.0.0.1549 MTASettingAction*.class 9.0.0.1549 imss6Errors.properties 9.0.0.1549 imss6Errors_en.properties 9.0.0.1549 smtp_tls_ca_certificate_import.jsp 9.0.0.1549 smtp_tls_certificate_import.jsp 9.0.0.1549 smtp_tls_policy_import.jsp 9.0.0.1549 keywordListEdit.jsp 9.0.0.1549 imss6Policy.properties 9.0.0.1549 imss6Policy_en.properties 9.0.0.1549 quarantines_settings_detail.jsp 9.0.0.1549 deferred_query.jsp 9.0.0.1549 quarantines_archive.jsp 9.0.0.1549 quarantines_postpone.jsp 9.0.0.1549 quarantines_query.jsp 9.0.0.1549 quarantines_settings_detail.jsp 9.0.0.1549 help.html 9.0.0.1549 imp_exp 9.0.0.1549 imssausched 9.0.0.1549 libFilterAction.so 9.0.0.1549 libTMNotify.so 9.0.0.1549 libTMNotifymt.so 9.0.0.1549 IMSVA8-V2.mib 9.0.0.1549 RuleAttribute.class 9.0.0.1549 RuleAttrSpamAction.class 9.0.0.1549 glibc-2.12-1.149.el6_6.5.i686.rpm 9.0.0.1549 glibc-2.12-1.149.el6_6.5.x86_64.rpm 9.0.0.1549 glibc-common-2.12-1.149.el6_6.5.x86_64.rpm 9.0.0.1549 libtmfbeng.so 9.0.0.1549 LogQueryPolicyAction.class 9.0.0.1549 ProcQueueQueryAction.class 9.0.0.1549 ProcQueueQueryDAO.class 9.0.0.1549 QtLogrec.class 9.0.0.1549 QtQueryDAO.class 9.0.0.1549 Utility.class 9.0.0.1549 PolicyLogrec.class 9.0.0.1549 LogQueryPolDAO.class 9.0.0.1549 procqueue_query_detail.jsp 9.0.0.1549 procqueue_query_results.jsp 9.0.0.1549 imss6Logs.properties 9.0.0.1549 imssctl.sh 9.0.0.1549 log_HourlyTableInitSP.sql 9.0.0.1549 rt_GenMailTrafficSP.sql 9.0.0.1549 create.sql 9.0.0.1549 imssOLH.properties 9.0.0.1549 imssOLH_en.properties 9.0.0.1549 libssl3.so 9.0.0.1549 libsqlite3.so 9.0.0.1549 libsoftokn3.so 9.0.0.1549 LdapCacheSync$1.class 9.0.0.1549 LdapCacheSync.class 9.0.0.1549 libImssCrypto.so 9.0.0.1549 DeliveryPolicy.class 9.0.0.1549 DeliveryPolicyDAO.class 9.0.0.1549 imss6System.properties 9.0.0.1549 imss6System_en.properties 9.0.0.1549 struts-config-system.xml 9.0.0.1549 smtp_delivery_detail.jsp 9.0.0.1549 pack_tool 9.0.0.1549 libem_debug.so 9.0.0.1549 euqutil 9.0.0.1549 login.jsp 9.0.0.1549 apply_app.sh 9.0.0.1549 c1_notification.jsp 9.0.0.1549 ExInterface_IMSVA.ini 9.0.0.1549 forceUpdate 9.0.0.1549 ibe_job_doer 9.0.0.1549 ibe_job_getter 9.0.0.1549 ibe_license.jsp 9.0.0.1549 ibe_reg 9.0.0.1549 ibes 9.0.0.1549 icon_notactivated.png 9.0.0.1549 iframe_widget.jsp 9.0.0.1549 libFilterAntiSpoof.so 9.0.0.1549 libFilterDkimEF.so 9.0.0.1549 libFilterGraymail.so 9.0.0.1549 libFilterWrs.so 9.0.0.1549 libImssEncrypt.so 9.0.0.1549 libIMSSjni.so 9.0.0.1549 NotiSetting.class 9.0.0.1549 NotiSettingsAction.class 9.0.0.1549 prefilter_license.jsp 9.0.0.1549 product_reg_page.jsp 9.0.0.1549 summ_activity.jsp 9.0.0.1549 summ_realtime.jsp 9.0.0.1549 summ_system.jsp 9.0.0.1549 sys_noti_settings.jsp 9.0.0.1549 TmLicense.class 9.0.0.1549 WizardAction.class 9.0.0.1549 WizardActionAppliance.class 9.0.0.1549 wrsagent 9.0.0.1549 Apache 9.0.0.1549 Tomcat 9.0.0.1549 mod_jk.so 9.0.0.1549 Online help 9.0.0.1549 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2015, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Network, InterScan, eManager, and Control Manager are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://www.trendmicro.com/en/purchase/license/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide