<> Trend Micro Incorporated September 11, 2018 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Messaging Security Virtual Appliance 9.1 Patch 2 - Build 1817 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About InterScan Messaging Security Virtual Appliance 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About InterScan Messaging Security Virtual Appliance ======================================================================== InterScan Messaging Security Virtual Appliance (IMSVA) integrates multi-tiered spam prevention and anti-phishing with award-winning antivirus and antispyware. Content filtering enforces compliance and prevents data leakage. This easy-to-deploy appliance is delivered on a highly scalable platform with centralized management, providing easy administration. Optimized for high performance and continuous security, the appliance provides comprehensive gateway email security. 1.1 Overview of This Release ===================================================================== This patch includes all patches and critical patches released after IMSVA 9.1 Patch 1 Build 1631. 1.2 Who Should Install This Release ===================================================================== Install this patch if you are currently running any package released before IMSVA 9.1 Patch 2 Build 1817. 2. What's New ======================================================================== NOTES: - Please install this patch before completing any procedures in this section (see "Installation"). - If you are using Trend Micro Control Manager(TM) 6.0 to manage IMSVA 9.1, you need to install Hotfix 3425 for Control Manager 6.0 Service Pack 3 or later after installing this patch. - You must restart all IMSVA devices as scheduled after applying this patch. - After applying this patch, the "Timeout" value in "Administration > IMSVA settings > SMTP Routing > Connections > SMTP Interface" page automatically changes to two minutes. This is because of Enhancement 21 (Refer to Section 2.1) which now requires the timeout value must not be less than two minutes. You need to manually set an appropriate value after applying this patch. 2.1 Enhancements ==================================================================== The following enhancements are included in this patch: Enhancement 1: Date Format - The English version of the date format in the End User Quarantine (EUQ) digest notification is MM/DD/YYYY. This patch provides an option to specify the date format. Procedure 1: To change the date format to DD/MM/YYYY: a. Install this patch (see "Installation"). b. Connect to the IMSVA database using the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Run the following SQL statements to set the threshold to the preferred value: insert into tb_global_setting values('general','TimeFormat','%d/%m/%Y %X', 'imss.ini',''); d. Log off from the database server by running the following command: \q Enhancement 2: Anti-spoof Policy - For security reasons, the anti-spoof policy of IMSVA checks all Internet- received IP addresses in email messages. However, some users want the anti-spoof policy to check only the connection IP addresses. This patch enables you to configure the anti-spoof policy to check only the connection IP addresses. Procedure 2: To enable this option: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set the preferred value: [general] antispoof_only_check_connect_ip=yes NOTE: The default value of this key is "no", which checks all IP addresses in email messages. d. Save the change and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 3: Sample Submission - This patch enables IMSVA to wait for the results for a batch of samples from Trend Micro Deep Discovery Analyzer before sending more samples for analysis. This can help decrease the number of submissions to Deep Discovery Analyzer especially when IMSVA receives the same email message many times within a short period of time. Enhancement 4: Java Runtime Environment - This patch removes JRE from IMSVA and enables it to use openJRE instead. Enhancement 5: True File Type Policy - This patch updates the eManager(TM) module to enable the "true file type" policy to detect PNG image files. Enhancement 6: BCC Email Messages - When BCC action is configured, IMSVA sends the BCC email messages in the same session as the original email message. This patch enables users to configure IMSVA to send BCC email messages in a new session. Procedure 6: To configure IMSVA to send BCC email messages in a new session: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "General-Notification" section and set its value to "yes": [General-Notification] SendBccInNewSession=yes NOTES: - The default value of this key is "no". - For security, the newly generated BCC email message is sent back to IMSVA for re-scanning. To skip this scan, add "BccInNewSessionSkipScan=yes" under the "General-Notification" section. d. Save the change and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 7: Spoofed Internal Messages Policy - The "Trusted Internal IP List" for the "Spoofed internal messages" policy allows IMSVA to add 500 records only. This patch enables IMSVA to add more records. Procedure 7: To extend the number of records that IMSVA can add to the "Trusted Internal IP List" for "Spoofed internal messages": a. Install this patch (see "Installation"). b. Open the "imssDefine.properties" file in the "/opt/trend/imss/UI/adminUI/ROOT/WEBINF /classes/" folder using a text editor. c. Add the following setting and set its value to the preferred maximum number of records: policyAntiSpoof.TrustedIPList.sizeLimit=800 NOTE: The default value of this key is "500", which allows IMSVA to add up to 500 records. d. Save the change and close the file. e. Restart the management console using the following command: /opt/trend/imss/script/S99ADMINUI restart Enhancement 8: Attachment Name or Extension Filter - This patch adds a setting to help ensure that the "Attachment Name or Extension" filter can detect and block files embedded in .doc file attachments. Procedure 8: To ensure that IMSVA can successfully detect and block files embedded in the .doc file attachments: a. Install this patch (see "Installation"). b. Open the "/opt/trend/imss/config/imss.ini" file. c. Add the following key under the "general" section and set its value to "yes": [general] ScanFileNameInOle=yes d. Save the change and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 9: SMTP and HTTPS Certificates - Previously, IMSVA allows users to add only 1024- or 2048-bit certificates from the "Administration > Transport Layer Security > SMTP and HTTPS Certificates" screen. This patch enables IMSVA to support 4096-bit certificates. Enhancement 10: Email Information Matching - Some users may need to match data from multiple lines. This patch provides an option to configure IMSVA to normalize the email data into one line before attempting to match the information. Procedure 10: To enable IMSVA to normalize the email data into one line before matching: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set its value to "yes": [general] EnableContentFilterNormalize=yes d. Save the change and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 11: DLP Templates - This patch upgrades the Trend Micro Data Loss Prevention(TM) (DLP) templates to support more templates. Enhancement 12: Compressed File Handling - The Virus Scan Engine may not be able to extract compressed files that contain new features and return an -81 error instead, which triggers the scan exception policy of IMSVA. This patch enables users to configure IMSVA to ignore the error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 12: To configure IMSVA to ignore the -81 error: 1. Install this patch (see "Installation"). 2. Connect to the IMSVA database using the following command: `/opt/trend/imss/PostgreSQL/bin/psql imss sa` 3. Run the following SQL statement in a single line: `INSERT INTO tb_global_setting VALUES ('virus', 'VSBIgnNotSupportedErr', '1', 'imss.ini', NULL);` NOTE: The default value is "0", which allows the -81 error to trigger the scan exception policy of IMSVA. 4. Log off from the database server by running the following command: `\q` 5. Restart the scanner service using the following command: `/opt/trend/imss/script/S99IMSS restart` Enhancement 13: Attachment True File Type Policy - This patch enables the "Attachment True File Type" policy of IMSVA to detect MSI files. Enhancement 14: Log Reports - This patch enables IMSVA to send more accurate logs to Control Manager. Enhancement 15: OpenSSL - This patch upgrades the OpenSSL component of IMSVA. Enhancement 16: Apache - This patch upgrades the Apache component of IMSVA. Enhancement 17: Tomcat - This patch upgrades the Tomcat component of IMSVA. Enhancement 18: PHP - This patch upgrades the PHP component of IMSVA. Enhancement 19: PCRE - This patch upgrades the PCRE library in IMSVA. Enhancement 20: Tomcat-connector - This patch upgrades the Tomcat-connector in IMSVA. Enhancement 21: DMARC - This patch allows users to define Domain-based Message Authentication, Reporting and Conformance (DMARC) settings, including the actions to take on messages that fail DMARC verification. NOTE: This enhancement automatically sets the "Timeout" value in the "Administration > IMSVA settings > SMTP Routing > Connections > SMTP Interface" page to two minutes which is the new minimum value supported. You need to manually configure this to the preferred values after installing this patch. Enhancement 22: EUQ digest - This patch allows users to send EUQ digests up to a maximum of six times within a day. 2.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: When the system defers an email message and does not deliver it within the current hour (but delivers the email message in the next hours), the IMSVA message tracing service may be not able to update the message status. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch ensures the IMSVA message tracing service works normally. Issue 2: In certain situations, normal email messages may seemingly trigger the scanning exception for BCC actions, and the user receives the BCC email message incorrectly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch resolves this issue. Issue 3: IMSVA 9.1 and 9.1 Patch 1 are affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch removes the vulnerabilities. Issue 4: The social engineering attack details on the "Log Query" page for policy events may display incorrectly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch resolves this issue. Issue 5: Users cannot view the timestamp information in log query results when one or more recipient email addresses contain an apostrophe ('). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch ensures that users can view the timestamp information in log query results. Issue 6: Sometimes, IMSVA takes a long time to scan certain email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch upgrades the eManager module to resolve this issue. Issue 7: When importing a certificate and assigns it to either the management console or EUQ console, IMSVA may not be able to extract the corresponding private key properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch ensures that IMSVA can extract the private key and assign imported policies properly. Issue 8: Administrators cannot enable or disable EUQ and admin accounts even when the required number of LDAPs have been configured. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch ensures that administrators can enable and disable EUQ and admin accounts when the correct number of LDAPs are configured. Issue 9: An issue prevents IMSVA from deleting the IP address of a child IMSVA device from the child IP list on the parent IMSVA device after the child device unregisters from its parent device. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch ensures that IMSVA promptly deletes the IP addresses of unregistered child devices from the IP list on the parent device. Issue 10: SNAP reports may not be displayed properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch ensures that IMSVA can display SNAP reports properly. Issue 11: The default "merge" option is not selected automatically on the "Import Syslog Server Settings" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch ensures that the check box is selected by default. Issue 12: After unregistering from its parent IMSVA device, a child IMSVA device cannot re-install a patch that it has installed previously. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch ensures that a child IMSVA device can re-install a patch that has been previously installed after it unregisters from its parent IMSVA. Issue 13: The IMSVA management console is affected by some minor issues. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch applies updates to the management console to resolve these issues and improve its performance. Issue 14: If the size of the archive queue exceeds the configured maximum, IMSVA deletes the EUQ records from the database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch prevents IMSVA from deleting EUQ records from the database when the archive queue exceeds the maximum size. Issue 15: The antispoof feature of IMSVA may not be able to retrieve the correct IP address from received email messages. As a result, it blocks certain email messages unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch ensures that the feature can successfully retrieve the correct IP address from received email messages. Issue 16: A policy has been configured to block password- protected zip files. The current mechanism may not be able to detect password-protected Office files inside a zip file that is not password-protected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch updates the eManager module to resolve this issue. Issue 17: While scanning email messages, IMSVA needs to transfer user-defined regular expressions to an internal format table. If there are lots of regular expressions, IMSVA may encounter a high CPU usage issue and become slow to respond. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch upgrades the eManager module to resolve this issue. Issue 18: When IMSVA integrates with Virtual Analyzer in some extreme conditions, IMSVA applies the "pass" action on the attached file that Virtual Analyzer analyzed as a risky file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch resolves the issue. Issue 19: IMSVA may treat some write-protected PDF files as password-protected files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch upgrades the eManager module to ensure that IMSVA can correctly recognize write-protected files. Issue 20: If the subject header of the original email message is blank and IMSVA adds a tag with non-ASCII characters into the subject field, the contents of the field appear in mobijake. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch ensures that the subject header does not appear in mobijake under the scenario described above. Issue 21: Under certain conditions, IMSVA may detect that another process is running an ActiveUdpdate (AU) task by mistake, which triggers it to skip this round of AU update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch ensures that IMSVA can correctly detect whether an AU task is running or not. Issue 22: When an email messages is quarantined, IMSVA does not check if another file with the same file name exists in the quarantine folder. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch enables IMSVA to check if a file with the same file name already exists in the quarantine folder before sending an email message to quarantine. Issue 23: File Reputation Service (FRS) traffic does appear on the Smart Protection Server console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This patch updates the Smart Scan module, so the FRS traffic appears on the Smart Protection Server console. Issue 24: If both the file extension and true file type options are enabled in a policy and the policy is configured to send email messages to Virtual Analyzer for analysis, IMSVA may take action on the email message without sending it to Virtual Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This patch ensures that IMSVA sends the email message to Virtual Analyzer. Issue 25: When IMSVA imports some special logs to the database, it may detect that the database connection is closed by mistake and starts a new connection to the database. When this happens, a TCP connection leakage occurs, which triggers the database to refuse new connections. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This patch ensures that IMSVA can detect the current database connection. Issue 26: Hotfix 1669 changes the default timeout behavior when sending samples to Trend Micro Deep Discovery Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This patch rolls back the change. Issue 27: The database connection may leak out when certain types of logs are queried. When this happens, the IMSVA console may respond very slowly and may not be able to display some information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This patch fixes the IMSVA console performance issues. Issue 28: When users receive encrypted email messages from an end user, the messages do not contain any information about how to open the encrypted content. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This patch enables IMSVA to add the decryption instructions to each encrypted email message. Issue 29: If a rule's "Scanning Conditions" is a combination of conditions that need Virtual Analyzer and some that do not need Virtual Analyzer, and the Virtual Analyzer result is "safe", IMSVA will not be able to apply the action from the "Scanning Conditions" that do not need Virtual Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This patch ensures that IMSVA can apply all the required actions in the scenario described above. Issue 30: If IMSVA attempts to send a large number of suspicious email messages that do not contain attachments to Deep Discovery Analyzer, some of the email messages may not be sent and trigger Virtual Analyzer scanning exceptions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: This patch ensures that IMSVA can successfully send a large number of suspicious email messages to Deep Discovery Analyzer for further analysis. Issue 31: IMSVA may not be able to create "Admin Accounts" if it is using a Domino LDAP server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This patch ensures that IMSVA can create "Admin Accounts" without issues. Issue 32: Users cannot add more than one LDAP server when there are duplicate records on the current LDAP server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: This patch removes the duplicate records so that users can add multiple LDAP servers. Issue 33: Smart Scan cannot be enabled after users import the configuration file from IMSS 7.1 for Microsoft(TM) Windows(TM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This patch ensures Smart Scan can be enabled normally. Issue 34: When a compressed file contains Microsoft Office(TM) files, IMSVA may not be able to count the total number of files in the compressed file. If the threshold in "Policy > Scanning Exceptions > Total # files in compressed file exceeds" is low, this may trigger a scan exception. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: This patch ensures that IMSVA can count the total number of files in a compressed file correctly. Issue 35: IMSVA may record certain sensitive information in the log file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This patch ensures that IMSVA does not add sensitive information into the log file. Issue 36: If the maximum number of scanner processes that can run at the same time is set to a very small value, the SNAP report service may keep restarting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: This patch resolves the issue so the SNAP report service runs normally. Issue 37: If an email message is detected as SNAP and is sent to Virtual Analyzer for further analysis, IMSVA may still take action on the email message even when Virtual Analyzer returns a safe result. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: This patch ensures that IMSVA does not take action on an email message when Virtual Analyzer considers it as safe. Issue 38: After a child IMSVA build number between 1669 to 1680 registers to a parent IMSVA, the child IMSVA console may still be accessible. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 38: This patch ensures that users will be able to access the child IMSVA console only through the parent IMSVA console. Issue 39: After applying Hotfix 1680, IMSVA may not be able to generate Cloud Pre-Filter reports. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 39: This patch resolves the issue to ensure that IMSVA can generate Cloud Pre-Filter reports normally. Issue 40: An issue may prevent IMSVA from adding stamps to email messages sent from iCloud. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 40: This patch ensures that IMSVA can add stamps to email messages. Issue 41: Under certain extreme conditions, an issue within the eManager module can trigger IMSVA to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 41: This patch updates the eManager module to resolve the issue. Issue 42: Some third-party modules in IMSVA are affected by vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 42: This patch upgrades the Tomcat, OpenSSL, and Linux(TM) kernel modules to resolve the vulnerabilities. Issue 43: Sometimes, certain email messages cannot be delivered because IMSVA detects that the email messages were not archived even when the messages have been archived successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 43: This patch ensures that IMSVA can correctly detect when an email message has been archived successfully. Issue 44: In some network setting, the child IMSVA EUQ IP address changes unexpectedly in parent-child mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 44: This patch resolves the issue. Issue 45: The following error message may appear on the IMSVA management console even when IP-based throttling is disabled: Select either "Maximum connections" or "Maximum messages" or both before performing IP-based throttling. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 45: This patch ensures that the error message is triggered only when IP-based throttling is enabled. Issue 46: Sometimes, if the downstream mail transfer agent (MTA) of the next hop MTA uses the tarpitting feature on the RCPT command, IMSVA times out and stops sending the notification messages. When this happens, the notification messages stack up in IMSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 46: This patch enables IMSVA to correctly retry sending a notification message under this scenario and allows users to extend the time-out value for the RCPT command to a value larger than 120 seconds to help ensure the tarpitting feature works. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 46: To configure the time-out value: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/ config" folder using a text editor. c. Add the following setting under the "imss_manager" section and set the preferred time-out value in seconds: [imss_manager] smtp_rcpt_response_timeout=150 NOTE: The default value is "120". d. Save the change and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99MANAGER restart Issue 47: The IMSVA message tracing service may not start under certain conditions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 47: This patch ensures that the IMSVA message tracing service can start successfully. Issue 48: When users import the "Trusted Internal IP List" for "Spoofed internal messages" from a file, only 500 IP addresses will be imported by default even if the user sets the maximum number of IP addresses to a larger number. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 48: This patch resolves the issue by ensuring that IMSVA reads the limit on the number of IP addresses that can be imported from the configuration files before importing the "Trusted Internal IP List". Issue 49: The TMMSG module from Hotfix 1687 may stop working while adding stamps to email messages that are not encoded. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 49: This patch updates the TMMSG module to resolve the issue. Issue 50: When users add a long email address in the EUQ Approved Sender list, they may not be able to see the entire email address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 50: This patch ensures that users can see the entire email address. Issue 51: The IMSVA "file name and extension" filter for attachment files does not detect corrupted RAR file attachments, even when the file name or extension contains a keyword. This issue occurs because eManager tries to check the file name in the ZIP/RAR file when the filter is "file name and extension". If the file is corrupted in the ZIP/RAR format, eManager cannot scan the file name of the ZIP/RAR file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 51: This patch ensures that IMSVA checks only the file name of the ZIP/RAR file if it detects that the RAR file is corrupted. Issue 52: Under some extreme conditions, the IMSVA DTAS agent may fail to start when the computer restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 52: This patch ensures that the DTAS agent restarts correctly under these extreme conditions. Issue 53: IMSVA may not be able to import configuration files that use a large number of DLP compliance templates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 53: This patch ensures that IMSVA can import configuration files that use a large number of DLP compliance templates. Issue 54: A configured alternative LDAP server may not be able to connect to the main LDAP server because the wrong server principle name is used for Kerberos authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 54: This patch ensures that IMSVA uses the correct server principle name for Kerberos authentication so that the alternative and main LDAP servers can communicate normally. Issue 55: The IMSVA 9.1 program is affected by certain vulnerabilities related to the OS kernel. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 55: This patch updates the OS kernel to resolve the vulnerabilities. NOTES: - You need to restart the computer after installing this hotfix to start the new kernel. - Installing this patch may impact the performance of the computer by five percent or more depending on your hardware and mail traffic. Issue 56: The LDAP cache on child IMSVA devices may not be updated normally when there are multiple parent LDAPs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 56: This patch ensures that the LDAP cache on child IMSVA devices is updated normally and resemble the parent's LDAP cache. Issue 57: Users may not be able to open policy notifications after importing the configurations from IMSS 7.5 for Windows. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 57: This patch ensures that users can open policy notifications without issues. Issue 58: Sometimes it takes a long time to display the results of queries for certain types of message tracing logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 58: This patch ensures that the logs can be queried normally. Issue 59: When users set "proxyAddresses" in "Administration > IMSVA Configuration > Connections > LDAP", email addresses are rejected even if the "proxyAddresses" attribute has actual mail address on the LDAP server. This is because IMSVA needs the return mail attribute on the LDAP server. If the LDAP server does not have the mail attribute, it fails. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 59: This patch allows users to configure IMSVA to use "proxyAddresses" or a custom value specified from the management console for "ldapimsa_result_attribute" to resolve the issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 59: To configure IMSVA to use "proxyAddresses" or a custom value specified from the management console for "ldapimsa_result_attribute": a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/ config" folder using a text editor. c. Add the following key under the "LDAP" section and set its value to "yes": [LDAP] use_same_attr=yes d. Save the change and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99MANAGER restart Issue 60: Under extreme conditions, the IMSVA Control Manager agent (CMAgent) may set the log path to an incorrect disk partition unexpectedly. Once this happens, the IMSVA disk may become full. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 60: This patch ensures the IMSVA CMAgent does not modify the log path by mistake. Issue 61: After users disable functions for parsing logs, the system stops generating logs and purges all the old logs. When this happens, the IMSVA manager keeps logging "FATAL" messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 61: This patch ensures that "FATAL" logs will not be generated under these conditions. Issue 62: The "Spoofed internal messages" policy of IMSVA may detect certain email messages by mistake. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 62: This patch resolves the issue. Issue 63: Under certain extreme conditions, the message tracing service of IMSVA may stop working. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 63: This patch resolves this issue. Issue 64: Sometimes, users may find one zombie process in IMSVA but this does not impact any function of IMSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 64: This patch removes this issue. Issue 65: Users may fail to release the following: - Messages with password-protected attachment(s) - Messages that have not been sent to Virtual Analyzer or trigger exceptions from Virtual Analyzer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 65: This patch ensures that those email messages can be released. Issue 66: Certain files are recognized as EXE files by mistake. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 66: This patch upgrades the eManager module to resolve this issue. Issue 67: Certain email messages with an encoded header cannot be detected as spam. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 67: This patch resolves this issue. Issue 68: A segmentation fault that may occur during license renewal may cause the CMAgent to restart repeatedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 68: This patch resolves this issue by updating the CMAgent library. Issue 69: When IMSVA fails to quarantine an email message, this message is incorrectly indexed to the EUQ Database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 69: This patch resolves this issue. Issue 70: It may take a long time for IMSVA to process email tracking queries and deadlock issues related to the pglog file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 70: This patch resolves these issues. Issue 71: The Trend Micro Feedback Engine (TMFBE) may stop unexpectedly on a third-party SSL library if certain types of proxy servers with SHA256 certificates exist in the network. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 71: This patch resolves this issue. Issue 72: "imss.ini.db" does not support the HTTPS equivalent of the HTTP website for license updates (PrServerUpdateURL). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 72: This patch updates the PR module to ensure that "imss.ini.db" supports both the HTTP and HTTPS license update websites. Issue 73: IMSVA stops processing email messages unexpectedly. When this happens, email messages are reprocessed only after IMSVA restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 73: This patch ensures that IMSVA processes email messages normally. Issue 74: Under certain conditions, IMSVA may send out policy notifications with no email body and without attaching the original email message attached. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 74: This patch resolves this issue. Issue 75: The Scan Service could not start when other services such as Postfix use the reprocess port (10024). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 75: This patch resolves this issue. Issue 76: The EUQ service is disabled unexpectedly when users log on for the first time after restarting the computer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 76: This patch ensures that the EUQ service is not disabled unexpectedly under the scenario described above. Issue 77: .js files embedded in a .doc file attachment still pass through when the "Attachment Rule" policy is set to block these files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 77: This patch ensures that the "Attachment Rule" policy can block .js files embedded in .doc file attachments when configured. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining IMSVA. - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying IMSVA. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining IMSVA. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ======================================================================== Trend Micro recommends installing IMSVA 9.1 or IMSVA 9.1 Patch 1 before installing this patch. You can download the packages from: http://www.trendmicro.com/download/ 5. Installation ======================================================================== This section explains key steps for installing the patch. NOTE: You must install this patch on all computers running IMSVA if you are using distributed deployment mode. 5.1 Installing ===================================================================== To install: 1. Log on to the IMSVA management console. 2. Go to "Administration > Updates > System & Applications". 3. Select the patch package and upload it. 4. After a few minutes, check the latest uploaded package information to make sure the management console successfully uploads the patch package to IMSVA. 5. If you have set up a group of IMSVA devices, select all child devices in the "Current status" section. Otherwise, select the parent device. 6. Click "Update". 7. If a group has been set up, wait for all child devices to finish updating before selecting the parent device in the "Current status" section. Otherwise, go to step 10. 8. Click "Update". 9. Wait for a few minutes and log on to the IMSVA management console again. 10. Go to "Administration > Updates > System & Applications". 11. Ensure that the "OS version"/"Application version" values for all items in the "Current status" section matches this patch version: OS Version: 2.6.32 Application Version: 9.1.0.1817 12. If you are using Control Manager 6.0 to manage IMSVA 9.1, install Hotfix 3425 for Control Manager 6.0 Service Pack 3. Contact the Trend Micro Support group for the patch package. 13. Restart all IMSVA devices as scheduled. 5.2 Uninstalling ===================================================================== To roll back to the previous build: 1. Log on to the IMSVA management console. 2. Go to "Administration > Updates > System & Applications". 3. Under "Host Name", click the name of the device you want to view. A summary screen appears, showing the updates and related log information. 4. Click "Rollback" to remove an update. 6. Post-installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== There are no known issues for this release. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 9. Files Included in This Release ======================================================================== Filename Build No. --------------------------------------------------------------------- AddBlockIPAction.class 9.1.0.1817 AddBlockIPFromCacheAction.class 9.1.0.1817 AddWhiteIPAction.class 9.1.0.1817 AdminDBAction$1.class 9.1.0.1817 AdminDBAction.class 9.1.0.1817 admin_euq.jsp 9.1.0.1817 AgentSDK/libcares.so.2 9.1.0.1817 AgentSDK/libcrypto.so.1.0.0 9.1.0.1817 AgentSDK/libcrypto.so.4 9.1.0.1817 AgentSDK/libcurl.so.4 9.1.0.1817 AgentSDK/libEn_Utility.so.1 9.1.0.1817 AgentSDK/libssl.so.1.0.0 9.1.0.1817 AgentSDK/libssl.so.4 9.1.0.1817 AgentSDK/libSSO_PKIHelper.so.1.0.0 9.1.0.1817 AgentSDK/libTrendAprWrapper.so.1 9.1.0.1817 AgentSDK/libz.so.1 9.1.0.1817 apache 9.1.0.1817 apply_db.sh 9.1.0.1817 apply_special.sh 9.1.0.1817 archive_settings_detail.jsp 9.1.0.1817 aucmd 9.1.0.1817 BlockIPItem.class 9.1.0.1817 BlockIPList.class 9.1.0.1817 cfgtool.sh 9.1.0.1817 cgiCmdNotify 9.1.0.1817 ClickLogrec.class 9.1.0.1817 ClickLogs$1.class 9.1.0.1817 ClickLogs.class 9.1.0.1817 ClickProtectionDAO.class 9.1.0.1817 config.php 9.1.0.1817 ConnChildIPAction.class 9.1.0.1817 ConnTMCMAction.class 9.1.0.1817 Constants.class 9.1.0.1817 c_rehash 9.1.0.1817 CustomDefenseSettings.class 9.1.0.1817 DetailReportAction.class 9.1.0.1817 DkimSignAction$1.class 9.1.0.1817 DkimSignAction.class 9.1.0.1817 DkimSignAction$LogLevel.class 9.1.0.1817 DLPExpressionInterface.class 9.1.0.1817 dmarcreport_sender 9.1.0.1817 dtasagent 9.1.0.1817 dtv_pdfcrypto.so 9.1.0.1817 enable_auth_only.sh 9.1.0.1817 EuqMgrAction.class 9.1.0.1817 euquarantine_settings.jsp 9.1.0.1817 euqutil 9.1.0.1817 forceUpdate 9.1.0.1817 foxdns 9.1.0.1817 glibc-2.12-1.209.el6_9.2.i686.rpm 9.1.0.1817 glibc-2.12-1.209.el6_9.2.x86_64.rpm 9.1.0.1817 glibc-common-2.12-1.209.el6_9.2.x86_64.rpm 9.1.0.1817 ibe_job_doer 9.1.0.1817 ibe_job_getter 9.1.0.1817 ibe_reg 9.1.0.1817 ibes 9.1.0.1817 ibe.xml 9.1.0.1817 imp_exp 9.1.0.1817 imss6Errors_en.properties 9.1.0.1817 imss6Errors.properties 9.1.0.1817 imss6Quarantines_en.properties 9.1.0.1817 imss6Quarantines.properties 9.1.0.1817 imss6Sql.properties 9.1.0.1817 imss6System_en.properties 9.1.0.1817 imss6System.properties 9.1.0.1817 imss6UIEvtLogs_en.properties 9.1.0.1817 imss6UIEvtLogs.properties 9.1.0.1817 imssausched 9.1.0.1817 imssauutil 9.1.0.1817 imsscmagent 9.1.0.1817 imssd 9.1.0.1817 imss.dat 9.1.0.1817 imssmgr 9.1.0.1817 imssps 9.1.0.1817 imss.res 9.1.0.1817 imss.root 9.1.0.1817 IPFilterDAO.class 9.1.0.1817 ip_settings_conn_management.jsp 9.1.0.1817 ip_whitelist.jsp 9.1.0.1817 kernel-2.6.32-696.13.2.el6.x86_64.rpm 9.1.0.1817 kernel-2.6.32-696.3.2.el6.x86_64.rpm 9.1.0.1817 kernel-firmware-2.6.32-696.13.2.el6.noarch.rpm 9.1.0.1817 kernel-firmware-2.6.32-696.3.2.el6.noarch.rpm 9.1.0.1817 ldaprep-0.1-py2.7.egg 9.1.0.1817 ldaprep-0.1-py2.7.egg-info 9.1.0.1817 LdapUserWSAction.class 9.1.0.1817 ldaputil 9.1.0.1817 libcme_dll.so 9.1.0.1817 libcme_vxe_dll.so 9.1.0.1817 libcme_vxe_dll_static.so 9.1.0.1817 libcrc0filter.so 9.1.0.1817 libcrypto.so 9.1.0.1817 libdlpEngine.so.0 9.1.0.1817 libdtsearch.so 9.1.0.1817 libEmExpression.so 9.1.0.1817 libem_helpr.so 9.1.0.1817 libEUQjni.so 9.1.0.1817 libeuq.so 9.1.0.1817 libFilterAction.so 9.1.0.1817 libFilterAntiSpoof.so 9.1.0.1817 libFilterDkimEF.so 9.1.0.1817 libFilterEmgrPlugin.so 9.1.0.1817 libFilterGraymail.so 9.1.0.1817 libFilterSpsTmase.so 9.1.0.1817 libFilterVirus.so 9.1.0.1817 libFilterWrs.so 9.1.0.1817 libICRCHdler.so 9.1.0.1817 libICRCPerfLib_Cli.so 9.1.0.1817 libImssCommon.so 9.1.0.1817 libImssCrypto.so 9.1.0.1817 libImssDAO.so 9.1.0.1817 libImssEncrypt.so 9.1.0.1817 libIMSSjni.so 9.1.0.1817 libImssPolicy.so 9.1.0.1817 libImssRule.so 9.1.0.1817 libPolicyCaller.so 9.1.0.1817 libPolicyUtility.so 9.1.0.1817 libProductLibrary.so 9.1.0.1817 libssl.so 9.1.0.1817 libtmau.so 9.1.0.1817 libtmfbeng.so 9.1.0.1817 libtmmsg.so 9.1.0.1817 libtmprapid.so 9.1.0.1817 libtmprapi.so 9.1.0.1817 LogQueryClickAction.class 9.1.0.1817 LogQueryMsgDAO.class 9.1.0.1817 LogQueryPolicyAction$1.class 9.1.0.1817 LogQueryPolicyAction$2.class 9.1.0.1817 LogQueryPolicyAction.class 9.1.0.1817 logs_query_messageevent.jsp 9.1.0.1817 LogSyslogSettingAction.class 9.1.0.1817 MessageTracing.py 9.1.0.1817 modSimple 9.1.0.1817 modTMCSS 9.1.0.1817 modTMSPLX 9.1.0.1817 modZMultiple 9.1.0.1817 MsgLogrec$1.class 9.1.0.1817 MsgLogrec.class 9.1.0.1817 MsgTracing-0.2-py2.7.egg 9.1.0.1817 MsgTracing-0.2-py2.7.egg-info 9.1.0.1817 MTASettingAction$10.class 9.1.0.1817 MTASettingAction$11.class 9.1.0.1817 MTASettingAction$12.class 9.1.0.1817 MTASettingAction$13.class 9.1.0.1817 MTASettingAction$14.class 9.1.0.1817 MTASettingAction$15.class 9.1.0.1817 MTASettingAction$16.class 9.1.0.1817 MTASettingAction$17.class 9.1.0.1817 MTASettingAction$18.class 9.1.0.1817 MTASettingAction$19.class 9.1.0.1817 MTASettingAction$1.class 9.1.0.1817 MTASettingAction$20.class 9.1.0.1817 MTASettingAction$21.class 9.1.0.1817 MTASettingAction$22.class 9.1.0.1817 MTASettingAction$23.class 9.1.0.1817 MTASettingAction$24.class 9.1.0.1817 MTASettingAction$25.class 9.1.0.1817 MTASettingAction$26.class 9.1.0.1817 MTASettingAction$2.class 9.1.0.1817 MTASettingAction$3.class 9.1.0.1817 MTASettingAction$4.class 9.1.0.1817 MTASettingAction$5.class 9.1.0.1817 MTASettingAction$6.class 9.1.0.1817 MTASettingAction$7.class 9.1.0.1817 MTASettingAction$8.class 9.1.0.1817 MTASettingAction* 9.1.0.1817 MTASettingAction$9.class 9.1.0.1817 MTASettingAction.class 9.1.0.1817 opendkim 9.1.0.1817 opendmarc 9.1.0.1817 OpenJRE 9.1.0.1817 openssl 9.1.0.1817 php 9.1.0.1817 ProcQueueMail.class 9.1.0.1817 ProcQueueMailList.class 9.1.0.1817 ProcQueueQueryAction.class 9.1.0.1817 ProcQueueQueryDAO.class 9.1.0.1817 product_auth.php 9.1.0.1817 PurgeLastDayDataByScanner 9.1.0.1817 QtEditAreaAction.class 9.1.0.1817 quarantines_settings_detail.jsp 9.1.0.1817 QueryBlockIPAction.class 9.1.0.1817 received_ip_expression 9.1.0.1817 RuleAttrAntiSpoofAction.class 9.1.0.1817 rule_attr_true_file.jsp 9.1.0.1817 S99DTASAGENT 9.1.0.1817 S99IMSS 7.1.0.1817 smart_reporter 9.1.0.1817 smtp_tls_certificate_add.jsp 9.1.0.1817 step.py 9.1.0.1817 sudo-1.8.6p3-28.el6_9.x86_64.rpm 9.1.0.1817 sync_slave_ldapcache.sh 9.1.0.1817 tmpeEnum.xml 9.1.0.1817 tomact 9.1.0.1817 tomcat 9.1.0.1817 TypeDefine.class 9.1.0.1817 tzdata-2017b-1.el6.noarch.rpm 9.1.0.1817 UIEvtLogDAO.class 9.1.0.1817 UpdateWhitelistAction.class 9.1.0.1817 upgrade_InsertTransac_Redelivery.sql 9.1.0.1817 Utility.class 9.1.0.1817 validation.jsp 9.1.0.1817 WhiteListItem.class 9.1.0.1817 WizardActionAppliance$1.class 9.1.0.1817 WizardActionAppliance.class 9.1.0.1817 wrsagent 9.1.0.1817 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2018, Trend Micro Incorporated. All rights reserved. Trend Micro, InterScan Messaging Security Virtual Appliance, Control Manager, eManager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide