<<<>>> Trend Micro Incorporated December 09, 2016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Messaging Security Virtual Appliance 9.1 Patch 1 - Build 1631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About InterScan Messaging Security Virtual Appliance 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About InterScan Messaging Security Virtual Appliance ======================================================================== InterScan Messaging Security Virtual Appliance (IMSVA) integrates multi-tiered spam prevention and anti-phishing with award-winning antivirus and anti-spyware. Content-filtering enforces compliance and prevents data leakage. This easy-to-deploy appliance is delivered on a highly scalable platform with centralized management, providing easy administration. Optimized for high performance and continuous security, the appliance provides comprehensive gateway email security. 1.1 Overview of this Release ===================================================================== This patch includes all hotfixes and critical patches released after IMSVA 9.1 GM Build 1600. 1.2 Who Should Install this Release ===================================================================== Install this patch if you are currently running any package released before IMSVA 9.1 Build 1631. 2. What's New ======================================================================== NOTES: - Please install the Patch before completing any procedures in this section (see "Installation"). - If you are using Trend Micro Control Manager(TM) 6.0 to manage IMSVA 9.1, you need to install Hotfix 3425 for Control Manager 6.0 Service Pack 3 after installing this patch. - You must restart all IMSVA's as scheduled after applying this patch. This patch addresses the following issues and includes the following enhancements: 2.1 Enhancements ==================================================================== The following enhancements are included in this patch: Enhancement 1: OpenSSL - This patch upgrades OpenSSL to version 1.0.2. Enhancement 2: Struts - This patch removes the struts 1.x module from IMSVA. Enhancement 3: Policies - The IMSVA attachment "Name or extension" policy can recognize the file name and extension of files in password-protected ZIP files. This patch provides an option to enable or disable this feature. Procedure 3: To configure this feature: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set the preferred value. [general] EnableScanFileNameInPasswordCompress=x Note: The default value of this key is "yes" which allows the IMSVA attachment "Name or extension" policy to recognize the file name and extension of files in password- protected ZIP files. To disable the feature, set the value to "no". d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 4: Log Types - This patch adds a special type of log related to the eManager(TM) module to help in the daily operation of a particular user. Enhancement 5: Policy Service - This patch enables the IMSVA policy service to add host name information to the notifications it sends to administrators when it cannot connect to the database or to the Lightweight Directory Access Protocol (LDAP) server. This information indicates which computer sent the notification. Enhancement 6: Advanced Threat Scan Engine - This patch allows users to configure the Advanced Threat Scan Engine (ATSE) in IMSVA to detect certain types of files in messages when Virtual Analyzer is enabled and to send suspicious messages to Trend Micro Deep Discovery Advisor for analysis. Procedure 6: To enable this option: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set its value to "1": [general] atse_afi_file_declaration_detect=1 Note: To disable the feature, set "atse_afi_file_declaration_detect=0" which is the default value. d. Save the changes and close the file. e. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Note: Trend Micro recommends enabling this feature only when IMSVA is integrated with Virtual Analyzer Enhancement 7: Antispam Policy - This patch allows users to configure the IMSVA antispam policy to detect new types of threats. Note: This patch upgrades the antispam engine to add information about new types of threats. Procedure 7: To enable this option: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add or locate the "tmase" section, add or locate the "enable_tlsh_decompress" key under the section, and set its value to "yes": [tmase] enable_tlsh_decompress=yes Note: The default value of this key is "yes" which enables the option. To disable the option, set "enable_tlsh_decompress=no". d. Save the changes and close the file. e. Restart scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 8: Web Reputation Service - The IMSVA Web Reputation Service (WRS) has a list of approved special URLS, for example those in jpg formats, which the WRS server allows users to access without checking. This patch adds an option to enable or disable the approved list of special URLs in WRS. Procedure 8: To enable the approved list of special URLs in WRS: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "wrsagent" section and set its value to "yes". [wrsagent] tmufe_file_exclude_extlist=yes Note: The default value of this key is "yes" which enables the option. To disable the option, set "tmufe_file_exclude_extlist=no". d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 9: Email Messages from Mobile Devices- This patch enables IMSVA to add stamps to email messages sent from mobile devices. Enhancement 10: Message Tracking - This patch enhances the message tracking feature of IMSVA 9.1 to help users in tracing certain messages. Enhancement 11: CSV Files - This patch enables users to open CSV files exported from IMSVA using Microsoft(TM) Excel(TM) by double-clicking them. Enhancement 12: Ransomware Detection - This patch gives users more visibility on ransomware detected by IMSVA by allowing users to either query ransomware detections in logs or view these in a widget on the dashboard. Procedure 12: To add a widget for ransomware detections: a. Install this patch (see "Installation"). b. Clear your browser cache if your browser accessed the IMSVA management console before. Otherwise, the newly added ransomware widget may encounter some display issues. c. Log on to the management console, go to the "Dashboard" screen, and click your preferred tab, for example, the "Message Traffic" tab. Click "Add Widgets" on the right side of the screen. d. Type keywords to search for "Ransomware Detections", select it, and click "Add". The "Ransomware Detections" widget appears on the original tab that you clicked. Enhancement 13: True File Type Policy - This patch enables IMSVA to show the "true file type" information that is detected by the "true file type" policy. Procedure 13: To enable this feature: a. Install this patch (see "Installation"). b. Log on to PostgreSQL by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Insert a flag into the "tb_global_setting" table by running the following command: insert into tb_global_setting values ('log','ShowTrueFileType','yes','imss.ini',''); Note: This feature is disabled by default. d. Log off from PostgreSQL by running the following command: \q e. Restart the management console by running the following command: /opt/trend/imss/script/S99ADMINUI restart Enhancement 14: Message Tracing Logs - This patch allows users to configure the number of flush records in imported message tracing logs. Procedure 14: To configure this number: a. Install this patch (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "imss_manager" section: [imss_manager] LogImporterLineFlushThreshold=100 NOTE: The default value is 500. d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99MANAGER restart Enhancement 15: Log Queries - When users query logs from IMSVA, the IMSVA web console displays only up to 15 logs on each page. This patch enables users to configure the default number of logs for each page. Procedure 15: To configure the default number of logs to display on each page: a. Install this patch (see "Installation"). b. Open the "imssDefine.properties" file in the "/opt/trend/imss/UI/adminUI/ROOT/WEB-INF/classes/" folder using a text editor. c. Locate the "log.query.defaultPageSize" key and set its value to the preferred number of logs for each page. For example, to set each page to display up to 100 logs, set "log.query.defaultPageSize=100". NOTE: The default value of this key is "15' and it accepts any of the following values: 10;15; 20;30;50;100;200. d. Save the changes and close the file. e. Restart the admin console using the following command: /opt/trend/imss/script/S99ADMINUI restart Enhancement 16: Virus Names- This patch enables IMSVA to display the long virus names instead of the short virus names to provide users with more accurate information. Enhancement 17: Disk Quota Warning Message - IMSVA provides a disk quota setting in the quarantine and archive settings. If the size of a message queue exceeds the quota, the oldest email messages will be removed from the queue. This patch enables IMSVA to notify administrators if the queue size reaches x% of the quota to warn them before the queue is full and allow them to decide whether to extend the queue size or remove the oldest messages. Procedure 17: To set the notification threshold: a. Install this patch (see "Installation"). b. Connect to the IMSVA database using the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Run the following SQL statements to set the threshold to the preferred value (replace x with the preferred value) insert tb_global_setting values('quarantine', 'quarantine_notify_threshold','x','imss.ini',''); insert tb_global_setting values('quarantine', 'archive_notify_threshold','x','imss.ini',''); Note: The default value of this key is "90", which means that a notification message will be sent when the space usage exceeds 90%. The value "0" means to disable notification. d. Log off from the database server by running the following command: \q e. Restart the manager service using the following command: /opt/trend/imss/script/S99MANAGER restart Enhancement 18: LDAP Service - This patch enables users to disable local LDAP service synchronization to optimize performance. In general, users can consider disabling the feature under the following conditions: - If only one LDAP server is specified - and if the Cloud Pre-Filter email address synchronization is not enabled Procedure 18: To disable local LDAP service synchronization: a. Install this patch (see "Installation"). b. Run the following command to insert a flag into the "tb_global_setting" table. /opt/trend/imss/PostgreSQL/bin/psql -U sa -d imss -c "insert into tb_global_setting values ('ldap-cache', 'disable_ldap_sync', 'yes', 'imss.ini')" NOTE: The local LDAP service synchronization will become enabled by default after the patch is installed. 2.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: When the "AllowScanEmbeddedBase64Attachment" key in the "imss.ini" file is enabled, IMSVA may encounter a high CPU usage issue while scanning certain types of email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch upgrades the eManager module to resolve this issue. Issue 2: A race condition occurs when the Linux kernel's memory subsystem handles copy-on-write (COW) breakage of private read-only memory mappings. An attacker could use this gain write access to read-only memory mappings. Anyone who has created an unprivileged root account can be vulnerable to this issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch upgrades the Linux kernel to remove the vulnerability. Issue 3: IMSVA may not be able to query an LDAP server if the server group name contains a "(" or ")" character. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch ensures that IMSVA can handle the "(" and ")" characters in LDAP server group names. Issue 4: IMSVA notifies administrations if it cannot send queries to the Virtual Analyzer server because of a network issue, however, the notifications do not state the reason why it cannot send the queries. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch ensures that the notifications contain the reason why IMSVA cannot send queries to the Virtual Analyzer server. Issue 5: Sometimes, IMSVA may not able to use multiple LDAP servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch ensures that IMSVA can use multiple LDAP servers. Issue 6: Sometimes, IMSVA may not able to quarantine certain types of email messages. If this happens, IMSVA keeps sending the email messages to the scanner for scanning. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch ensures that IMSVA can quarantine these email messages. Issue 7: Some modules in IMSVA 9.1 are affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch updates these modules in IMSVA 9.1 to remove the vulnerabilities. Issue 8: IMSVA notifies administrations if it cannot send queries to the Virtual Analyzer server because of a network issue, however, the notifications do not state the reason why it cannot send the queries. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch ensures that the notifications contain the reason why IMSVA cannot send queries to the Virtual Analyzer server. Issue 9: Message tracking logs of IMSVA may not track some special types of email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch ensures that IMSVA can track those types of email messages. Issue 10: An issue prevents IMSVA from recognizing certain carefully prepared email messages that violate RFC standards. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch updates the TmMsg module to enable IMSVA to detect these special malformed email messages. Issue 11: The OpenSSL modules in IMSVA 9.1 are affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch updates the OpenSSL modules in IMSVA 9.1 to remove the vulnerabilities. Issue 12: The IMSVA Message Tracking feature may not be able to track some special types of message logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch ensures that the IMSVA Message Tracking feature can trace these message logs. Issue 13: When the "AllowScanEmbeddedBase64Attachment" key in the "imss.ini" file is enabled, IMSVA may encounter a high memory and CPU usage issue while scanning certain types of email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch prevents the issue by updating the eManager module. Issue 14: A third-party Sender Policy Framework (SPF) module cannot handle certain valid DNS TXT records. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch upgrades the third-party module to resolve this issue. Issue 15: If "Smart Scan" is enabled, the IMSVA scanner service needs to reload the new "Smart Scan" pattern every hour. The scanner might stop responding while reloading the pattern file. If this happens, it cannot process new email messages until the next pattern update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch ensures that the scanner can reload the "Smart Scan" pattern without issues. Issue 16: The "True file type" policy may fail to detect some types of Microsoft Office files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch upgrades the eManager module to ensure IMSVA detects Office files properly. Issue 17: If a user chooses to submit an email message to Virtual Analyzer for further analysis, IMSVA sends the whole email message and the extracted subject to Virtual Analyzer. However, Virtual Analyzer cannot process email messages with non-UTF-8 subjects. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch enables IMSVA to attempt to convert such subjects to UTF-8. If it fails, IMSVA will encode the subjects by URL encoding to make sure that Virtual Analyzer can analyze the email messages. Issue 18: The "Message-ID" field in IMSVA 9.1 policy notifications follows the wrong format which violates RFC rules. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch ensures that "Message-ID" field in policy notifications conforms to RFC rules. Issue 19: Email messages sent from Microsoft Windows(TM) phones and iPhones cannot be encrypted correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch upgrades the email encryption module to enable it to encrypt email messages sent from Windows Phones and iPhones. Issue 20: An IMSVA service may not be able to work normally when a proxy server is configured. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch ensures that IMSVA services work normally under a proxy server. Issue 21: An issue related to the IMSVA TLSH function may trigger the IMSVA scan service to stop unexpectedly while scanning certain ZIP or TAR.GZ file attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch resolves the issue to ensure that IMSVA can scan ZIP or TAR.GZ file attachments normally. Issue 22: If a malformed email message is quarantined and reprocessed by an administrator, the IMSVA Message Tracking feature cannot display the reprocess record. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch ensures that the IMSVA Message Tracking feature can display the events for quarantined and reprocessed malformed email messages. Issue 23: Under certain conditions, the anti-spoof filter does not work and allows spoofed internal messages to bypass IMSVA 9.1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This patch ensures that anti-spoof filter works normally. Issue 24: Users may not be able to search for email messages using certain special keywords. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This patch ensures that users can search for specific email messages normally. Issue 25: Under certain conditions, IMSVA may use the wrong sender IP address to query the Email Reputation Service (ERS) because it cannot retrieve the sender's IP address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This patch ensures that IMSVA can retrieve the sender's IP address and use it to query ERS. Issue 26: When users generate a Certificate Signing Request on the "SMTP and HTTPS Certificates" page, the wrong country code for Croatia is added to the certificates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This patch ensures that the correct country code appears on the certificates. Issue 27: If IMSVA is registered to Control Manager and the Control Manager Agent (CMAgent) is killed, the system semaphore leaks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This patch prevents the system semaphore leakage. Issue 28: While scanning certain email messages, the "spoofed internal messages" filter may cause high CPU usage. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This patch resolves this issue. Issue 29: IMSVA may not be able to decode certain Japanese characters in message headers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This patch allows IMSVA to decode these Japanese characters in message headers. Issue 30: Social Engineering Attack Protection must be activated by the Spam Prevention Solution license. However, IMSVA mistakenly allows users to enable Social Engineering Attack Protection even if the Spam Prevention Solution license is not activated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: This patch ensures Social Engineering Attack Protection is only available when the Spam Prevention Solution license is activated. Issue 31: IMSVA 9.1 may treat some legitimate email messages as malformed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This patch ensures that IMSVA can correctly recognize legitimate email messages. Issue 32: Some special configuration files cannot be imported to IMSVA 9.1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: This patch ensures the configuration files can be imported correctly. Issue 33: Under certain conditions, the anti-spoof filter does not work and allows spoofed internal messages to bypass IMSVA 9.1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This patch ensures that anti-spoof filter works normally. Issue 34: IMSVA still receives "RCPT TO" commands from an email client for an email message that has already been rejected by the ERS/IP profiler. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: This patch ensures that IMSVA drops the current connection to the email client completely after the ERS/IP profiler rejects the email message. This helps prevent the email client from sending "RCPT TO" commands for the same rejected email message. Issue 35: The smtp_conn_agent may stop unexpectedly when it encounters an empty email sender address field. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This patch enables the smtp_conn_agent to work normally when it encounters an empty email sender address field. Issue 36: When tlsagent processes run for a long time, a deadlock issue may occur which can prevent IMSVA from receiving email messages through port 25. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: This patch prevents the deadlock issue in tlsagent processes. Issue 37: When WRS encounters a URI that is too long, it returns a -2414 error code. An issue prevents IMSVA from handling this error properly prompting it to treat the WRS server as unavailable and to notify the administrator. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: This patch ensures that IMSVA handles the error code normally. Issue 38: Under certain conditions, IMSVA may send out policy notifications with no email body and without attaching the original email message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 38: This patch ensures that IMSVA attaches the original email messages to policy notifications. Issue 39: Under certain conditions, the Antispoof filter may trigger a high CPU usage issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 39: This patch helps prevent the high CPU usage issue. Issue 40: IMSVA may not be able to import message tracing logs when the "Send the IntelliTrap samples to TrendLab" option is enabled in the antivirus policy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 40: This patch ensures that IMSVA can import message tracing logs normally when the option is enabled. Issue 41: IMSVA 9.1 allows users to add an IP or IP block in the Approved List even if the IP or IP block is already in the Blocked List and vice versa. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 41: This patch ensures that users cannot add IP or IP blocks in the Approved or Blocked List if the IP or IP addresses are already in the other list. Issue 42: IMSVA still receives "RCPT TO" commands from an email client for an email message that has already been rejected by the ERS/IP profiler. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 42: This patch ensures that IMSVA drops the current connection to the email client completely after the ERS/IP profiler rejects the email message. This helps prevent the email client from sending "RCPT TO" commands for the same rejected email message. Issue 43: Network issues can slow down the IMSVA performance because the IMSVA WRS queries the URL rating information from the Trend Micro WRS server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 43: To minimize the effects of network issues, this patch improves the performance of IMSVA. Issue 44: IMSVA treats a PDF file that requires a password to modify as a password-protected file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 44: This patch allows users to enable IMSVA to distinguish between PDF files that require a password to modify and password-protected files. This prevents IMSVA from treating these PDF files as password-protected files. Issue 45: If there are tens of thousands of items in the "Sender Filtering > Blocked List", it will take a long time to sort the entries by "IP Addresses". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 45: This patch enables IMSVA to sort a large number of Blocked List entries by "IP Addresses" faster. Issue 46: End users still receive digest email messages from IMSVA when the EUQ feature is disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 46: This patch ensures that IMSVA does not send digest email messages to end users when the EUQ feature is disabled. Issue 47: Users cannot apply any hotfix or patch on IMSVA 9.1 if IMSVA uses an external database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 47: This patch ensures that users can install hotfixes and patches when IMSVA is using an external database. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining IMSVA. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying IMSVA. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining IMSVA. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ======================================================================== Install IMSVA 9.1 before installing this patch. You can download this package from: http://www.trendmicro.com/download/ 5. Installation ======================================================================== This section explains key steps for installing the patch. NOTE: You must install this patch on all computers running IMSVA if you are using distributed deployment mode. 5.1 Installing ===================================================================== To install: 1. Log on to the IMSVA web management console. 2. Click "Administration > Updates > System & Applications". 3. Select the patch package and upload it. 4. After a few minutes, check the latest uploaded package information to make sure the management console successfully uploaded the patch package to IMSVA. 5. If you have set up a group of IMSVA devices, select all child devices in the "Current status" section. Otherwise, select the parent device. 6. Click the "Update" button. 7. If a group has been set up, wait for all child devices to finish updating before selecting the parent device in the "Current status" section. Otherwise, go to step 10. 8. Click the "Update" button. 9. Wait for a few minutes and log on to the IMSVA web management console again. 10. Click "Administration > Updates > System & Applications". 11. Ensure that the "OS version"/"Application version" values for all items in the "Current status" section matches this patch version: OS Version: 2.6.32 Application Version: 9.1.0.1631 12. If you are using Control Manager 6.0 to manage IMSVA 9.1, install Hotfix 3425 for Control Manager 6.0 Service Pack 3. Contact the Trend Micro Support group for the hotfix package. 13. Restart all IMSVA's as scheduled. 5.2 Uninstalling ===================================================================== To roll back to the previous build: 1. Log on to the IMSVA web management console. 2. Click "Administration > Updates > System & Applications". 3. Under "Host Name", click the name of the device you want to view. A summary screen appears, showing the updates and related log information. 4. Click "Rollback" to remove an update. 6. Post-installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== There are no known issues for this release. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 9. Files Included in this Release ======================================================================== Filename Build No. --------------------------------------------------------------------- ldaprep-0.1-py2.7.egg 9.1.0.1631 ldaprep-0.1-py2.7.egg-info 9.1.0.1631 lmtp 9.1.0.1631 showq 9.1.0.1631 qmqpd 9.1.0.1631 spawn 9.1.0.1631 qmgr 9.1.0.1631 pipe 9.1.0.1631 discard 9.1.0.1631 tlsmgr 9.1.0.1631 bounce 9.1.0.1631 local 9.1.0.1631 oqmgr 9.1.0.1631 verify 9.1.0.1631 anvil 9.1.0.1631 smtpd 9.1.0.1631 scache 9.1.0.1631 error 9.1.0.1631 master 9.1.0.1631 nqmgr 9.1.0.1631 proxymap 9.1.0.1631 trivial-rewrite 9.1.0.1631 pickup 9.1.0.1631 cleanup 9.1.0.1631 flush 9.1.0.1631 smtp 9.1.0.1631 virtual 9.1.0.1631 postdrop 9.1.0.1631 postmulti 9.1.0.1631 postqueue 9.1.0.1631 postlog 9.1.0.1631 postfix 9.1.0.1631 sendmail 9.1.0.1631 postlock 9.1.0.1631 postcat 9.1.0.1631 postsuper 9.1.0.1631 postalias 9.1.0.1631 postkick 9.1.0.1631 postconf 9.1.0.1631 postmap 9.1.0.1631 mailq 9.1.0.1631 newaliases 9.1.0.1631 type99.py 9.1.0.1631 SPFPolicyd.py 9.1.0.1631 spf.py 9.1.0.1631 ipaddr.py 9.1.0.1631 test_spf.py 9.1.0.1631 spfquery.py 9.1.0.1631 libtmau.so 9.1.0.1631 libdkim.so 9.1.0.1631 libTmIbeCryptoSdk.so 9.1.0.1631 libFilterDkimEF.so 9.1.0.1631 libopendkim.so.9 9.1.0.1631 libcares.so.2 9.1.0.1631 libcurl.so.4.0.0 9.1.0.1631 libTrendAprWrapper.so 9.1.0.1631 libSSO_PKIHelper.so.1.0.0 9.1.0.1631 libcurl.so.4 9.1.0.1631 libcares.so 9.1.0.1631 libEn_Utility.so 9.1.0.1631 libEn_Utility.so.1.0.0 9.1.0.1631 libSSO_PKIHelper.so.1 9.1.0.1631 libEn_Utility.so.1 9.1.0.1631 libTrendAprWrapper.so.1 9.1.0.1631 libSSO_PKIHelper.so 9.1.0.1631 libcares.so.2.0.0 9.1.0.1631 libcurl.so 9.1.0.1631 libTrendAprWrapper.so.1.0.0 9.1.0.1631 libTmIbeCryptoSdk.so.0 9.1.0.1631 libdb-4.so 9.1.0.1631 libSSO_PKIHelper.so.1.0.0 9.1.0.1631 libEUQjni.so 9.1.0.1631 libFilterAntiSpoof.so 9.1.0.1631 libcurl.so.4 9.1.0.1631 libGsoapMtaClient.so 9.1.0.1631 libopendkim.so.9.0.1 9.1.0.1631 libem_helpr.so 9.1.0.1631 libFilterEmgrPlugin.so 9.1.0.1631 libcrypto.so.1.0.0 9.1.0.1631 libFoxParser.so 9.1.0.1631 libopendkim.so 9.1.0.1631 libtmmsg.so 9.1.0.1631 libssl.so.4 9.1.0.1631 dtv_pdfcrypto.so 9.1.0.1631 libFilterSpsTmase.so 9.1.0.1631 libdb.so 9.1.0.1631 libxml2.so.2 9.1.0.1631 libxml2.so 9.1.0.1631 libssl.so.1.0.0 9.1.0.1631 libcrypto.so 9.1.0.1631 libGsoapClient.so 9.1.0.1631 libdb-4.8.so 9.1.0.1631 libcrypto.so.4 9.1.0.1631 libcrypto.so.6 9.1.0.1631 libImssRule.so 9.1.0.1631 liblogin.so 9.1.0.1631 libssl.so 9.1.0.1631 libSSO_PKIHelper.so.1 9.1.0.1631 libtmpr.so 9.1.0.1631 libImssDAO.so 9.1.0.1631 libIMSSjni.so 9.1.0.1631 libxml2.so.2.9.2 9.1.0.1631 libProductLibrary.so 9.1.0.1631 libPolicyCaller.so 9.1.0.1631 libcurl.so.4 9.1.0.1631 libSSO_PKIHelper.so 9.1.0.1631 libTmIbeCryptoSdk.so.0.0.0 9.1.0.1631 libFilterWrs.so 9.1.0.1631 libFilterVirus.so 9.1.0.1631 libdlpEngine.so.0 9.1.0.1631 libviewmail.so 9.1.0.1631 libImssCommon.so 9.1.0.1631 c_rehash 9.1.0.1631 UpdateDlpTemplate.sh 9.1.0.1631 install_util.sh 9.1.0.1631 openssl 9.1.0.1631 ctp_update_account.sh 9.1.0.1631 S99MSGTRACING 9.1.0.1631 sync_outbound_ip.sh 9.1.0.1631 openldap.sh 9.1.0.1631 ctp_get_stats.sh 9.1.0.1631 check_outboundIP.sh 9.1.0.1631 S99IMSS 9.1.0.1631 ldapsync.sh 9.1.0.1631 bif_connect_feedback.sh 9.1.0.1631 dbupdate.sh 9.1.0.1631 sync_rcpt.sh 9.1.0.1631 imssdump 9.1.0.1631 step.py 9.1.0.1631 libdkim.so 9.1.0.1631 libcrypto.so.1.0.0 9.1.0.1631 libtmmsg.so 9.1.0.1631 libssl.so.4 9.1.0.1631 libssl.so.1.0.0 9.1.0.1631 libcrypto.so 9.1.0.1631 libcrypto.so.4 9.1.0.1631 libcrypto.so.6 9.1.0.1631 libssl.so 9.1.0.1631 libImssCommon.so 9.1.0.1631 imss.root 9.1.0.1631 root.res 9.1.0.1631 imss.dat 9.1.0.1631 received_ip_expression 9.1.0.1631 uninstall.sh 9.1.0.1631 is_euq_enable 9.1.0.1631 c_rehash 9.1.0.1631 rtstat 9.1.0.1631 euqop 9.1.0.1631 prcmd 9.1.0.1631 dkim-genzone 9.1.0.1631 openssl 9.1.0.1631 forceUpdate 9.1.0.1631 purge_scanner_info 9.1.0.1631 imssausched 9.1.0.1631 traffic_summary_gen 9.1.0.1631 dblog_janitor 9.1.0.1631 predata_gen 9.1.0.1631 smart_reporter 9.1.0.1631 report_csv_template.csv 9.1.0.1631 ibes 9.1.0.1631 certagent 9.1.0.1631 dtasagent 9.1.0.1631 aucmd 9.1.0.1631 imssps 9.1.0.1631 rt_mail_traffic 9.1.0.1631 ibe_reg 9.1.0.1631 localservermgmt 9.1.0.1631 TmFoxPurgeLog 9.1.0.1631 db_maintain 9.1.0.1631 nrslog_parser 9.1.0.1631 ibe_job_doer 9.1.0.1631 ibe_job_getter 9.1.0.1631 imp_exp 9.1.0.1631 tlsagent 9.1.0.1631 euqutil 9.1.0.1631 TmFoxFilter 9.1.0.1631 imssd 9.1.0.1631 purge_by_dbsize 9.1.0.1631 imssdump 9.1.0.1631 rptgraph.jar 9.1.0.1631 logtransfer 9.1.0.1631 imssdps 9.1.0.1631 imssmgrmon 9.1.0.1631 pemverify 9.1.0.1631 foxdns 9.1.0.1631 imsscmagent 9.1.0.1631 TmFoxProxy 9.1.0.1631 wrsagent 9.1.0.1631 dkim 9.1.0.1631 imssmgr 9.1.0.1631 euqlimpexp 9.1.0.1631 is_ipfilt_enable 9.1.0.1631 smtp_conn_agent 9.1.0.1631 imssauutil 9.1.0.1631 pack_tool 9.1.0.1631 soapclient 9.1.0.1631 libldap_r.la 9.1.0.1631 liblber-2.4.so.2.8.5 9.1.0.1631 libldap_r-2.4.so.2.8.5 9.1.0.1631 libldap-2.4.so.2.8.5 9.1.0.1631 libldap.la 9.1.0.1631 liblber.la 9.1.0.1631 liblber-2.4.so.2 9.1.0.1631 liblber.a 9.1.0.1631 libldap_r-2.4.so.2 9.1.0.1631 libldap.so 9.1.0.1631 libldap-2.4.so.2 9.1.0.1631 libldap_r.so 9.1.0.1631 libldap_r.a 9.1.0.1631 liblber.so 9.1.0.1631 libldap.a 9.1.0.1631 slapd 9.1.0.1631 slapadd 9.1.0.1631 slapdn 9.1.0.1631 slapschema 9.1.0.1631 slappasswd 9.1.0.1631 slaptest 9.1.0.1631 slapauth 9.1.0.1631 slapindex 9.1.0.1631 slapcat 9.1.0.1631 slapacl 9.1.0.1631 ldapdelete 9.1.0.1631 ldapsearch 9.1.0.1631 ldapmodify 9.1.0.1631 ldapcompare 9.1.0.1631 ldapmodrdn 9.1.0.1631 ldapexop 9.1.0.1631 ldapadd 9.1.0.1631 ldappasswd 9.1.0.1631 ldapurl 9.1.0.1631 ldapwhoami 9.1.0.1631 MessageTracing.py 9.1.0.1631 MsgTracing-0.2-py2.7.egg-info 9.1.0.1631 MsgTracing-0.2-py2.7.egg 9.1.0.1631 log_HourlyTableInitSP.sql 9.1.0.1631 upgrade_prev.sql 9.1.0.1631 dbscript.conf 9.1.0.1631 adminUI/conf/server.xml 9.1.0.1631 euqUI/conf/server.xml 9.1.0.1631 ICRCHdler.ini 9.1.0.1631 imssDefine.properties 9.1.0.1631 Agent.ini 9.1.0.1631 TOMCAT 9.1.0.1631 Spring 9.1.0.1631 python 9.1.0.1631 dracut-004-409.el6_8.2.noarch.rpm 9.1.0.1631 dracut-kernel-004-409.el6_8.2.noarch.rpm 9.1.0.1631 kernel-2.6.32-642.6.2.el6.x86_64.rpm 9.1.0.1631 kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm 9.1.0.1631 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro Smart Protection Network, InterScan, Control Manager, eManager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide