Trend Micro, Inc.                                  September 30, 2013
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan(TM) Messaging Security Virtual Appliance
8.2 2013 Service Pack 2 Patch 1 - Build 1730
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Note: This readme file was current as of the date above. However,
all customers are advised to check the Trend Micro web site for
documentation updates at:

http://docs.trendmicro.com/

Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro web site. Register during installation or online at:

http://olr.trendmicro.com/

Contents
===================================================================
1. About InterScan Messaging Security Virtual Appliance
   1.1 Overview of this Release
   1.2 Who Should Install this Release
2. What's New
   2.1 Enhancements
   2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation/Uninstallation
   5.1 Installation
   5.2 Uninstallation
6. Post-installation Configuration
7. Known Issues
8. Release History
9. Files Included in this Release
10. Contact Information
11. About Trend Micro
12. License Agreement
===================================================================

1. About InterScan Messaging Security Virtual Appliance
========================================================================
InterScan Messaging Security Virtual Appliance (IMSVA) integrates
multi-tiered spam prevention and anti-phishing with award-winning
antivirus and anti-spyware. Content-filtering enforces compliance and
prevents data leakage. This easy-to-deploy appliance is delivered on a
highly scalable platform with centralized management, providing easy
administration. Optimized for high performance and continuous
security, the appliance provides comprehensive gateway email security.

1.1 Overview of this Release
=====================================================================
This patch includes fixes to issues discovered after the release of
IMSVA 8.2 Service Pack 2. It also enhances some functions. Refer to
Section 2, "What's New", for details.

1.2 Who Should Install this Release
=====================================================================
Install this service pack if you currently run IMSVA 8.2 Service
Pack 2. If you run previous versions of IMSVA, upgrade to IMSVA 8.2
Service Pack 2 first before installing this Patch. Refer to the
"Installation Guide" available at the Trend Micro Online Help Center
for upgrade recommendations and options.

http://docs.trendmicro.com/

2. What's New
========================================================================
Note: Install the patch before completing any procedures (see
"Installation").

This Patch includes the following enhancements and addresses the
following issues:

2.1 Enhancements
=====================================================================
The following enhancements are included in this Patch:

Enhancement 1: [Hot Fix 16920] EUQ Web Console - By default, the
   address of the EUQ web console in the EUQ digest is the IP address
   of the parent IMSVA device. Users can now customize the address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 1: To change the links in the EUQ digest notification mail
   to FQDN:

   a. Install this Patch (see "Installation").
   b. Connect to the database using the following command:

      ${IMSS_HOME}/PostgreSQL/bin/psql imss sa

   c. Insert the key by running the following command and replacing
      "FQDN" with your preferred address:

      insert into tb_global_setting values('euq','euq_digest_fqdn','FQDN','imss.ini','');

   d. Exit the database console using the following command:

      \q

Enhancement 2: [Hot Fix 16940] EUQ Management Distribution List -
   Users can now prevent IMSVA from checking if a specified email
   address in the distribution list of EUQ management is an email
   address of the distribution list that is being queried or if the
   user who sent the request belongs to the same distribution list.

   Note: Disabling the checking mechanism allows users to view
         quarantined email messages of any email address in the LDAP
         server. You should disable the checking mechanism only when
         necessary.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 2: To configure the option:

   a. Install this Patch (see "Installation").
   b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder
      using a text editor.
   c. Add the following setting under the "EUQ" section and set its
      value to "no".

      [EUQ]
      dl_strict_check=no

      Note: To enable the checking mechanism, set
            "dl_strict_check=yes".

   d. Save the changes and close the file.
   e. Restart EUQ service using the following command:

      /opt/trend/imss/script/S99EUQ restart

Enhancement 3: [Hot Fix 16940] LDAP Server Accounts Information -
   Users can now specify the value of the "mail_attr" option directly
   through the "imss.ini" file instead of going through the database.
   This option specifies which attribute stores the email address for
   each account on the LDAP server. Contact Trend Micro Technical
   Support for more details.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 3: To specify the value of the "mail_attr" option directly
   through the "imss.ini" file:

   a. Install this Patch (see "Installation").
   b. Disable the alias email address on the admin UI.
   c. Open the "imss.ini" file in the "/opt/trend/imss/config" folder
      using a text editor.
   d. Add the following setting under the "LDAP" section and set its
      value to "proxyAddresses".

      [LDAP]
      mail_attr=proxyAddresses

   e. Save the changes and close the file.
   f. Restart EUQ service using the following command:

      /opt/trend/imss/script/S99EUQ restart

Enhancement 4: [Hot Fix 16900] Set the default value of the "Server
   name or IP address" field to "127.0.0.1" and the "SMTP server port"
   field to "10026" on the notification delivery settings page.

Enhancement 5: [Hot Fix 16900] Improve the user interface for
   configuring "Relay Domains" and "Domain-based Delivery" to make it
   easier for users to configure the settings.

Enhancement 6: [Hot Fix 16980] Previously, IMSVA flushed all deferred
   emails after the scanning service restarted, regardless of whether
   Postfix deferred the emails because a message transfer agent (MTA)
   was unavailable or because the scanning service of IMSVA had
   stopped. Hotfix_B16980 enables IMSVA to only flush part of the
   Postfix deferred email messages instead of flushing all email
   messages in the deferred queues.

Enhancement 7: [Hot Fix 16980] Allow users to use non-ASCII passwords
   to log on to the IMSVA EUQ console in simple authentication mode.

Enhancement 8: [Hot Fix 17040] If the template for EUQ digest is
   corrupted or modified incorrectly, IMSVA may not be able to deliver
   digests to end users, and does not log the event. After applying
   Hotfix_B17040, if the digest template is corrupted or incorrectly
   modified, IMSVA records the log event and tries to deliver the
   digest. However, the digest may not be displayed correctly.

Enhancement 9: [Hot Fix 17090] Currently, the spoofed internal
   messages filter works only on messages where the sender's domain
   and recipients' domains in the envelope match. Hotfix_B17090
   enables the spoofed internal messages filter to work on messages
   where the sender's domain in the email header and the recipients'
   domains in the envelope match. This behavior is enabled by default.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 9: To disable this option:

   a. Install this hot fix (see "Installation").
   b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder
      using a text editor.
   c. Add the following setting under the "general" section and set
      its value to "no".

      [general]
      antispoof_check_from_header=no

   d. Save the changes and close the file.
   e. Restart the scan service using the following command:

      /opt/trend/imss/script/S99IMSS restart

Enhancement 10: [Hot Fix 17120] Email messages remain in the IMSVA
   queue under the following special conditions:

   a. IMSVA cannot hand off a message completely.
   b. IMSVA hands off the message to the wrong downstream MTA.

   These two conditions can occur when an email message contains
   another email message as an attachment and the attached email
   message also has an "X-IMSS-HAND-OFF-DIRECTIVE" header. This hot
   fix ensures that IMSVA can properly handle the
   "X-IMSS-HAND-OFF-DIRECTIVE" header and hands off such email
   messages correctly and successfully.

Enhancement 11: Component Updates - The following components have
   been updated:

   - Tomcat(TM)
   - Apache(TM)
   - mod_jk
   - eManager(TM)

   Note: Refer to "Files Included in this Release" for the
         corresponding version information.

2.2 Resolved Known Issues
=====================================================================
This Patch resolves the following issues:

Issue 1: The sender address field in reports that are generated by
   IMSVA is case-sensitive. This violates RFC 5321.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: [Hot Fix 16810] This hot fix makes the sender address
   field in generated reports case-insensitive to conform with
   RFC 5321.

Issue 2: IMSVA cannot scan encrypted messages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: [Hot Fix 16810] This hot fix enables IMSVA to scan
   encrypted messages.

Issue 3: IMSVA does not support the Domino(TM) Organization Unit
   (OU), which can cause problems in case of homonymy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: [Hot Fix 16820] This hot fix modifies the UserDAO library
   to enable IMSVA to support the Domino Organization Unit (OU).

Issue 4: When IMSVA scans an email message with a ZIP64 file
   attachment, IMSVA only returns a -65 error code without a detailed
   description.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: [Hot Fix 16830] This hot fix adds a detailed description
   with the -65 error code and adds an option to enable IMSVA to skip
   email messages with a ZIP64 file attachment during scans.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To enable this option:

   a. Install this Patch (see "Installation").
   b. Open "$IMSS_HOME/config/imss.ini" using a text editor.
   c. Add the option "VSBIgnZip64UnsupportedErr" under the "virus"
      section and set its value to "1".

      [virus]
      VSBIgnZip64UnsupportedErr=1

      Note: If the "virus" section does not exist, add the section at
            the end of the file.

   d. Save the changes and close the file.
   e. Restart the IMSVA scan service using the following command:

      $IMSS_HOME/script/S99IMSS restart

Issue 5: When the Marketing Message List (MML) messages detection
   feature is enabled, IMSVA inserts the "X-TM-AS-MML: Yes" header in
   email messages. IMSVA inserts the "X-TM-AS-MML: No" header when
   the same feature is disabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: [Hot Fix 16830] This hot fix enables IMSVA to insert the
   "X-TM-AS-MML: enable" header to email messages when the MML
   messages detection feature is enabled and the
   "X-TM-AS-MML: disable" header when the feature is disabled.

Issue 6: The IMSVA dashboard retrieves the security level setting of
   Trend Micro Deep Discovery Advisor (DDA) from the database.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: [Hot Fix 16860] This hot fix ensures that the IMSVA
   dashboard retrieves the information from the correct source.
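
Procedures 2, 9 and 4 above each add an "imss.ini" option that relaxes a check (distribution-list verification in EUQ, the header-based spoof filter, ZIP64 scan errors). The following audit script is an added example, not part of the Trend Micro readme or product; it assumes section and key names are matched case-insensitively and that lines starting with ";" or "#" are comments, and its sample file is constructed.

```python
"""Flag imss.ini options from this readme that relax a security check."""
import sys

# (section, key, relaxing value, effect as described in the readme).
# Section and key names are compared in lowercase (assumption).
RELAXED = [
    ("euq", "dl_strict_check", "no",
     "EUQ users can view quarantined mail of any address in the LDAP server"),
    ("general", "antispoof_check_from_header", "no",
     "spoofed internal messages filter ignores the header sender domain"),
    ("virus", "vsbignzip64unsupportederr", "1",
     "messages with a ZIP64 attachment are skipped during scans"),
]

# Constructed sample, used when no file path is given on the command line.
SAMPLE = """\
[general]
antispoof_check_from_header=no
TextFileExtensionList=ics

[EUQ]
dl_strict_check=yes

[virus]
; skip ZIP64 attachments
VSBIgnZip64UnsupportedErr = 1
"""


def parse_ini(text):
    """Return a list of (line_no, section, key, value) for every setting.

    Every occurrence is kept, because how the product resolves duplicate
    keys is not stated in the readme.
    """
    entries = []
    section = ""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            entries.append((line_no, section, key.strip().lower(), value.strip()))
    return entries


def audit(text):
    """Return sorted (line_no, setting, effect) tuples for relaxed options."""
    findings = []
    for line_no, section, key, value in parse_ini(text):
        for r_section, r_key, r_value, effect in RELAXED:
            if (section, key) == (r_section, r_key) and value.lower() == r_value:
                findings.append((line_no, f"[{section}] {key}={value}", effect))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE
    results = audit(content)
    for line_no, setting, effect in results:
        print(f"line {line_no}: {setting} -> {effect}")
    # Non-zero exit status lets a configuration-review job fail on findings.
    sys.exit(1 if results else 0)
```

Run it against a copy of "/opt/trend/imss/config/imss.ini"; each finding should map to a documented reason for deviating from the default.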

Issue 7: When the list of suspicious IPs from the IP filtering
   function in IMSVA is queried, the "Total Malicious %" column in the
   query results displays values smaller than 1 in the ".xx%" format
   instead of in the "0.xx%" format.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: [Hot Fix 16900] This hot fix ensures that the values are
   displayed in the correct format.

Issue 8: After a component update, IMSVA automatically flushes email
   messages that have been deferred by Postfix. Sometimes, IMSVA
   starts flushing these email messages before Postfix has started
   successfully, which causes the flush task to fail.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: [Hot Fix 16900] This hot fix ensures that IMSVA starts
   flushing deferred email messages only after Postfix has started
   successfully.

Issue 9: After applying hot fix 16860, changes in the "Security Level
   Settings" on the Deep Discovery Advisor (DDA) configuration page do
   not appear on the dashboard. Users need to manually execute the
   "mailtraffic.sh restart" command to display these changes on the
   dashboard.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: [Hot Fix 16900] This hot fix ensures that changes in the
   "Security Level Settings" always appear immediately on the
   dashboard.

Issue 10: After applying Service Pack 2, IMSVA no longer validates
   the value of the "US - SSN (Social Security Number)" field in
   compliance templates when scanning email messages. This can cause
   some email messages to incorrectly trigger some rules.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: [Hot Fix 16910] This hot fix resolves this issue.

Issue 11: When users import the wrong configuration file through the
   "Configuration Wizard > Deployment Settings > Import Configuration
   Files" function, garbage characters appear on the warning message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: [Hot Fix 16910] This hot fix ensures that the correct
   warning message is displayed without garbage characters.

Issue 12: After applying hot fix 16860, the IMSVA web management
   console stops unexpectedly while processing LDAP user queries from
   the web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: [Hot Fix 16910] This hot fix ensures that the IMSVA web
   management console can process LDAP user queries from the web
   console without issues.

Issue 13: When users select all the options under "Specific file
   types" in an antivirus rule or all the options under the "True file
   type" in an attachment rule and click "Save", the IMSVA web console
   displays an "HTTP Status 500" error.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: [Hot Fix 16920] This hot fix ensures that users can
   successfully save antivirus rules and attachment rules that are
   configured as described above.

Issue 14: Users cannot enable "Deep Discovery Advisor analysis
   summary" reports when the "deployed_at_edge" option in the database
   "tb_global_setting" table is set to "no".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: [Hot Fix 16920] This hot fix resolves this issue.

Issue 15: To query quarantined email messages sent to a distribution
   list, users are required to specify one of what can be several
   email addresses of the distribution list. However, the EUQ
   management page displays the quarantined email messages that were
   sent to the specified email address only and not those quarantined
   email messages that were sent to the other email addresses of the
   distribution list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: [Hot Fix 16940] This hot fix ensures that IMSVA displays
   the quarantined email messages that were sent not only to the
   specified address of the distribution list but also those that were
   sent to all the other email addresses of the distribution list.

Issue 16: An IMSVA function exports reports to CSV files that users
   can download. However, a vulnerability may allow users to download
   restricted files through the same function.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: [Hot Fix 16980] This hot fix ensures that users can
   download only exported CSV files through this function.

Issue 17: IMSVA features a user-portal login screen where users can
   log on to the EUQ console. However, a vulnerability may allow some
   users to create filters to query information from the Active
   Directory, which could indirectly leak some important information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: [Hot Fix 16980] This hot fix improves the
   input-validation process to resolve the vulnerability.

Issue 18: Sometimes, when users delete quarantined email messages
   from the admin console, the email messages are released before
   IMSVA can synchronize the deleted information to EUQ. In this
   situation, imssmgr encounters an error as it attempts to release
   the deleted email messages because it cannot find the email
   messages. This can prevent users from releasing new email messages
   from the EUQ console until after IMSVA stops trying to handle the
   deleted email messages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: [Hot Fix 16980] This hot fix ensures that IMSVA can
   still handle new email messages while it attempts to handle the old
   deleted email messages.

Issue 19: If IPv6 is disabled in IMSVA and the downstream email
   server has an IPv6 address, IMSVA will attempt to send email
   messages to this IPv6 address first and sends it to the IPv4
   address only after it fails to send it to the IPv6 address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: [Hot Fix 16980] This hot fix ensures that IMSVA will not
   try to send email messages to an IPv6 address if IPv6 is disabled.

Issue 20: Since the policy server is always forced to update policies
   from the database, all of the policies in its cache are erased when
   IMSVA cannot connect to the database during an update.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: [Hot Fix 16980] This hot fix enables IMSVA to check if
   it can successfully connect to the database before forcing the
   policy server to update the policies.

Issue 21: Users cannot import the exported Trend Micro InterScan
   Messaging Security Suite (IMSS) configuration files for
   Microsoft(TM) Windows(TM) 7.1 to IMSVA when the Domain-based
   Delivery Settings contain an asterisk "*".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: [Hot Fix 16980] This hot fix ensures that the exported
   IMSS configuration files can be imported to IMSVA without issues.

Issue 22: Immediately after the IMSVA scan service starts and creates
   the "imssd.pid" file, the manager service may remove the empty file
   before the scan service can write any content into it. As a result,
   the scan service will not be restarted to load the latest engine
   and pattern files after updates.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22: [Hot Fix 16980] This hot fix resolves this issue.

Issue 23: The IMSVA imssmgr service cannot start when the EUQ status
   in the "tb_component_list" table is "0" (disabled) and the EUQ
   status in the "tb_euq_db_info" database table is "1" (enabled).
   This inconsistency results from the use of the obsolete script
   "/opt/trend/imss/script/imssstart.sh", which was replaced by the
   script "/opt/trend/imss/script/imssctl.sh".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23: [Hot Fix 16980] This hot fix ensures that IMSVA uses the
   correct script.

Issue 24: A fatal error that occurs when too many files are opened in
   Postfix can cause the Postfix "qmgr" process to close unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 24: [Hot Fix 16980] This hot fix resolves the issue by
   increasing the maximum number of files that Postfix can handle from
   1024 to 8192. This ensures Postfix can handle huge mail traffic.

Issue 25: A colon is missing from the information displayed after the
   "Internal ID" key on the "Mail Areas & Queues > Query > Quarantine"
   and "Mail Areas & Queues > Query > Archive" pages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 25: [Hot Fix 16980] This hot fix adds the missing colon.

Issue 26: The "Back to mail tracking" button on the "Logs > Query >
   Message tracking" page appears truncated after users click on the
   "Last Policy Action" button on the same page to see the detailed
   information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 26: [Hot Fix 16980] This hot fix ensures that the button is
   displayed properly.

Issue 27: A "403 error page" appears when users click the tooltip on
   the "Policy > Scan Engine" page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 27: [Hot Fix 16980] This hot fix prevents the error and
   ensures that the correct tooltip appears.

Issue 28: "EUQ Digest Notification" email messages contain incorrect
   information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 28: [Hot Fix 16980] This hot fix ensures that these email
   notifications contain the correct information.

Issue 29: The size of the "Permitted Senders of Relayed Mail" list
   cannot exceed 128 KB.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 29: [Hot Fix 16990] This hot fix ensures that the size of
   the "Permitted Senders of Relayed Mail" list can exceed 128 KB.

Issue 30: Some pages of IMSVA web management console are vulnerable
   to cross-site scripting (XSS) attacks.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 30: [Hot Fix 17010] This hot fix removes the XSS
   vulnerabilities on these pages.

Issue 31: IMSVA does not decrypt email messages with attachments that
   are larger than 1 MB.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 31: [Hot Fix 17010] This hot fix enables IMSVA to decrypt
   email messages with attachments larger than 1 MB.

Issue 32: The sort function in "IP Filtering > Blocked List" does not
   work in Chrome or in version 8 and lower versions of the Microsoft
   Internet Explorer(TM) web browser.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 32: [Hot Fix 17010] This hot fix ensures that the sort
   function works properly.

Issue 33: If "DaemonStopCountThreshold" is set to a value greater
   than 0, the scanner service status on the web console remains
   "active" after the user stops the scanner service on the web
   console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 33: [Hot Fix 17010] This hot fix ensures that the correct
   scanner service status appears on the web console.

Issue 34: If an encryption exception is triggered while IMSVA
   encrypts an email message, the corresponding notification will not
   contain any information about how the email message triggered the
   exception.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 34: [Hot Fix 17010] This hot fix ensures that the
   notification contains the necessary information.

Issue 35: The crond service still uses the old time zone setting
   after users change the time zone setting through the web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 35: [Hot Fix 17010] This hot fix ensures that the crond
   service follows the correct time zone setting.

Issue 36: After Service Pack 2 is installed, the IMSVA manager and
   EUQ services restart repeatedly if:

   - The user specifies the scanner IP address (scanner_ip_addr) in
     the "imss.ini" file; and
   - The specified address is different from the current Internal
     Communication Port (ICP) address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 36: [Hot Fix 17020] This hot fix resolves this issue and
   ensures that the database is updated with the correct IP address.

Issue 37: Some activation codes cannot activate IMSVA during Daylight
   Savings Time (DST).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 37: [Hot Fix 17020] This hot fix ensures that the activation
   codes also work during DST.

Issue 38: The alias email address whose domain part contains
   uppercase characters cannot be synchronized to the Cloud
   Pre-Filter. If "Valid recipient check" is enabled in the Cloud
   Pre-Filter, email messages sent to this email address are rejected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 38: [Hot Fix 17040] This hot fix resolves this issue.

Issue 39: Under certain conditions, the internal ID of an email
   message changes after IMSVA scans it. As a result, the
   corresponding message tracking log may contain the wrong
   information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 39: [Hot Fix 17040] This hot fix ensures that IMSVA changes
   the internal ID of an email message only when necessary.

Issue 40: After applying Service Pack 2, users cannot use the
   "imssstart.sh" and "imssstop.sh" scripts to start or stop IMSVA.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 40: [Hot Fix 16980] This hot fix ensures that the scripts
   work properly.

Issue 41: On the antivirus rule settings page and true file type
   detection settings page of the IMSVA web console, the descriptions
   for Microsoft Excel(TM), PowerPoint, Word, and Access file
   extension names are incorrect.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 41: [Hot Fix 17030] This hot fix corrects the descriptions
   for Excel, PowerPoint, Word, and Access file extension names in the
   affected pages of the IMSVA web console.

Issue 42: In Internet Explorer 8, when users edit the contents of the
   "IMSVA scan performance" table on the dashboard, the user interface
   will not be able to display the third column completely.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 42: [Hot Fix 17030] This hot fix increases the column width
   to ensure that all of its contents are displayed correctly.

Issue 43: eManager may consider some iCalendar files that contain
   unprintable characters, such as those used in the Thai language, as
   files that are in the DOS COM format. As a result, eManager will
   not extract the contents of these files, preventing suspicious
   content from triggering the corresponding filters in IMSVA.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 43: [Hot Fix 35040] This hot fix enables users to configure
   eManager to treat iCalendar files as text files. This ensures that
   eManager extracts the contents of these files and matches the file
   contents to the correct keywords.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 43: To configure the option:

   a. Install this Patch (see "Installation").
   b. Open the "imss.ini" file using a text editor.
   c. Add the following key under "general" section.

      [general]
      TextFileExtensionList=ics

   d. Save the changes and close the file.
   e. Run the following command to restart the daemon:

      /opt/trend/imss/script/S99IMSS restart

Issue 44: Imssmgr encounters a timeout error while processing some
   large email messages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 44: [Hot Fix 14010] This hot fix removes the maximum
   limit-checking feature for the timeout setting of the Imssmgr
   process to prevent the timeout error.

Issue 45: IMSVA encounters an error while parsing malformed messages,
   which prevents it from properly delivering or reprocessing some
   malformed messages that were quarantined by the "Malformed
   messages" scan exception from the Management Console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 45: [Hot Fix 14040] This hot fix prevents IMSVA from parsing
   malformed messages to ensure that it can successfully deliver or
   reprocess quarantined malformed messages from the Management
   Console.

   Note: After applying this hot fix, the "Quarantine & Archive Query
         > query" menu will still not be able to display some parts of
         malformed messages such as headers, messages, subjects, and
         message IDs. This is because IMSVA does not parse malformed
         messages, and when IMSVA delivers or reprocesses quarantined
         malformed messages, it processes the original malformed
         messages.

Issue 46: When users modify a rule, the rule's notes section and the
   corresponding system event log record the time the change was made
   but do not add any information about the specific user account that
   was used to modify the rule.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 46: [Hot Fix 14040] This hot fix enables IMSVA to record the
   specific user account that was used to modify a rule in the rule's
   notes section and in the corresponding system event log.

Issue 47: When IMSVA takes a long time to reprocess an email message,
   it may time out while waiting for an SMTP End of Message (EOM)
   command and will not be able to reprocess the email message. When
   this happens, IMSVA will keep retrying to reprocess the email
   message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 47: [Hot Fix 14050] This hot fix enables IMSVA to stop
   reprocessing the email message and move the email message to a
   folder specified by the user.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 47: To specify the folder:

   a. Install this Patch (see "Installation").
   b. Open the "imss.ini" file using a text editor.
   c. Add the "queue_reprocess_eom_timeout" option under "general"
      section and set its value to the path of the preferred folder,
      for example:

      [general]
      queue_reprocess_eom_timeout=/opt/trend/imss/queue/reprocess_eom_timeout

      Note: The specified folder must exist. If you require a new
            folder, create the folder in your preferred location
            before proceeding to the next step.

   d. Save the changes and close the file.
   e. Restart the IMSS Manager service using the following command:

      $IMSS_HOME/script/S99MANAGER restart

Issue 48: The spam detection settings page of the IMSVA web console
   allows users to add email addresses that contain a quotation mark
   (") into the approved sender list and blocked sender list, but does
   not allow users to remove the addresses from the lists.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 48: [Hot Fix 14090] This hot fix enables users to remove
   email addresses that contain a quotation mark (") from the approved
   sender list or blocked sender list.

Issue 49: The number of file descriptors increases after content
   scanning. As a result, the number of files may reach the limit
   before the recycling IMSVA daemon runs, which can trigger IMSVA to
   quarantine the email message or return an SMTP error code to the
   client.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 49: [Hot Fix 82810] This hot fix closes the file descriptor.

Issue 50: IMSVA takes a long time to import a configuration that
   contains very long blocking and approving lists for IP Filtering.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 50: [Hot Fix 14110] This hot fix enables IMSVA to import
   such configurations faster.

Issue 51: IMSVA may report several false positive detections in the
   PCI-DSS (The Payment Card Industry Data Security Standard)
   compliance templates.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 51: [Hot Fix 17080] This hot fix updates eManager to avoid
   the incidence of false positive detections in the PCI-DSS
   compliance templates.

Issue 52: The log purge function cannot purge expired quarantine or
   archive logs when the corresponding queue does not exist. This
   prevents IMSVA from recycling the log tables, which can eventually
   prevent users from querying logs from the admin user interface.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 52: [Hot Fix 17080] This hot fix enables IMSVA to purge all
   expired logs without issues.

Issue 53: Considering the performance impact, IMSVA only vacuums and
   analyzes part of the database tables every day; IMSVA does not
   vacuum and analyze some tables. This situation may cause the
   database to eventually run out of transaction IDs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 53: [Hot Fix 17080] This hot fix provides options to enable
   IMSVA to vacuum and analyze the whole database at 3 A.M. during
   certain days of the week to prevent the database from running out
   of transaction IDs. The task of vacuuming and analyzing the whole
   database is enabled and performed at 3 A.M. on Saturday, by
   default.

Issue 54: When users select the "All item" checkbox on the
   "Administration > Connections > LDAP" page, uncheck some
   checkboxes, and press "Delete", all the items are deleted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 54: [Hot Fix 17080] This hot fix ensures that the checkboxes
   work without issues.

Issue 55: The TmMsg module cannot insert the disclaimer in the body
   of multipart/alternative email messages that use the big5 character
   set because the disclaimer contains special characters that do not
   exist in big5 code.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 55: [Hot Fix 17090] This hot fix adds an option to enable
   the TmMsg module to convert both the email message and the
   disclaimer to the UTF-8 character set if it cannot convert the
   disclaimer to the character set of the email message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 55: To enable this option:

   a. Install this Patch (see "Installation").
   b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder
      using a text editor.
   c. Add the following key under the "MessageModule" section and set
      its value to "1":

      [MessageModule]
      UseUTF8AsPreferCharsetForStamp = 1

   d. Save the changes and close the file.
   e. Restart the scan service using the following command:

      /opt/trend/imss/script/S99IMSS restart

Issue 56: When users query logs from the "Logs > Query > Policy
   events" page, an extra semicolon is added to the sender address in
   POP3 mail records.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 56: [Hot Fix 17090] This hot fix removes the extra semicolon
   to make sure the logs are displayed correctly.

Issue 57: The IMSVA console stops unexpectedly when users specify a
   non-digital policy order number when adding or updating a policy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 57: [Hot Fix 17090] This hot fix enables IMSVA to ensure
   that users specify only integer numbers for policy order number
   when adding or updating a policy.

Issue 58: When users configure two or more LDAP servers for an Active
   Directory using Kerberos authentication, IMSVA will not be able to
   sync data from the Active Directory.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 58:  [Hot Fix 17090] This hot fix ensures that users can use
              Kerberos authentication to configure two or more LDAP
              servers for an Active Directory.

Issue 59:     When users query detailed information from the "Mail
              Areas & Queues > Query > Quarantine" page, IMSVA 8.2
              displays only the attachments that violate a policy,
              whereas IMSVA 8.0 displays all the attachments.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 59:  [Hot Fix 17120] This hot fix provides an option to enable
              IMSVA to show all attachments from the "Mail Areas &
              Queues > Query > Quarantine" page in detailed query
              results.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 59: To enable this option:

   a. Install this Patch (see "Installation").

   b. Connect to the database using the following command on the
      parent device:

      /opt/trend/imss/PostgreSQL/bin/psql imss sa

   c. Add the "ShowAllAttachmentsOnQueueQueryPage" key under
      "tb_global_setting" and set its value to "yes" by running the
      following command:

      insert into tb_global_setting values('adminui', 'ShowAllAttachmentsOnQueueQueryPage','yes', 'imss.ini','');

      Note: You must run this command in a single line.

   d. Exit the database console using the following command:

      \q

   e. Restart the admin UI by running the following command:

      /opt/trend/imss/script/S99ADMINUI restart


3. Documentation Set
========================================================================
The documentation set for this service pack also includes the
following:

   o Administrator's Guide -- Product overview, configuration
     instructions, and basic information to get you "up and running"

   o Installation Guide -- Deployment, installation, and integration
     information designed to help you install and access IMSVA

   o Electronic versions of the printed manuals are available at:
     http://docs.trendmicro.com/

   o Online help -- Context-sensitive help screens that provide
     guidance for performing a task

   o Knowledge Base -- A searchable database of known product issues,
     including specific problem-solving and troubleshooting topics
     http://esupport.trendmicro.com


4. System Requirements
========================================================================
Install IMSVA 8.2 Service Pack 2 before installing this Patch. You can
download this package from:

   http://www.trendmicro.com/download/product.asp?productid=91


5. Installation/Uninstallation
========================================================================
Note: Install this service pack on all computers running IMSVA 8.2
      Service Pack 2 if you are using distributed deployment mode.

5.1 Installation
=====================================================================
To install this Patch:

   1. Log on to the IMSVA management console.

   2. Navigate to "Administration > Updates > System & Applications".

   3. Select the Patch package and upload it.

   4. Wait for a few minutes, and then check if the management console
      has successfully uploaded the service pack.

   5. If you have set up a group of IMSVA devices:

      a. Under "Current status", select the parent device.
      b. Click "Update".
      c. Wait for the parent device to finish updating, and then
         select all child devices.
      d. Click "Update".
      e. Wait for a few minutes, and then log back on to the IMSVA
         management console.

   6. Navigate to "Administration > Updates > System & Applications".

   7. Ensure that the "OS version"/"Application version" values for
      all items under "Current status" match the following service
      pack version:

      OS Version: 2.0.1016
      Application Version: 8.2.0.1730

5.2 Uninstallation
=====================================================================
To roll back to the previous configuration:

   1. Log on to the IMSVA management console.

   2. Remove all IPv6-related settings that were configured after
      installation of this service pack.

   3. Navigate to "Administration > Updates > System & Applications".

   4. Under "Host Name", select the name of the device you want to
      view. A summary screen appears, showing the updates and related
      log information.

   5. Click "Rollback".


6. Post-installation Configuration
========================================================================
No post-installation steps are required.

Note: Trend Micro recommends that you update your scan engine and
      virus pattern files immediately after installing the product.


7. Known Issues
========================================================================
The following are the known issues for this Patch:

7.1 Spoofed Internal Messages
---------------------------------------------------------------------
IMSVA does not check for spoofed internal messages if the recipient is
an IPv6 address.

7.2 SOCKS4
---------------------------------------------------------------------
SOCKS4 does not support IPv6.

7.3 Server Connection Issue
---------------------------------------------------------------------
The IBE server does not support connections with the IPv6 proxy
server.

7.4 IP Profiler
---------------------------------------------------------------------
IP Profiler does not support IPv6.

7.5 Configuration Files
---------------------------------------------------------------------
Configuration files exported from an IMSVA 8.2 build with this Patch
cannot be imported into earlier IMSVA 8.2 builds.

7.6 Product License Management
---------------------------------------------------------------------
Product license management does not support SOCKS connections with the
IPv6 proxy server.

7.7 Web Reputation Services (WRS) Filter
---------------------------------------------------------------------
The WRS filter does not analyze URLs in IPv6 format.

7.8 Log Queries and Quarantine Queries
---------------------------------------------------------------------
After users change the security level, the results for log queries and
quarantine queries become inconsistent with the information on the
dashboard.


8. Release History
========================================================================
   - IMSVA 8.2, September 16, 2011
   - IMSVA 8.2 Service Pack 1, July 2012
   - IMSVA 8.2 Service Pack 2, December 2012

See the following web site for more information about updates to this
product:

   http://docs.trendmicro.com


9. Files Included in this Release
========================================================================
Filename                                  Build No.
--------------------------------------------------------------------
AddrGroupAction.class                     8.2.0.1730
Base64.class                              8.2.0.1730
CachedIPItem.class                        8.2.0.1730
ConnLDAPAction.class                      8.2.0.1730
DigestInlineActionAction.class            8.2.0.1730
DownloadReportCSVAction.class             8.2.0.1730
EUQAccessAction.class                     8.2.0.1730
EUQLdapDAO.class                          8.2.0.1730
EditRuleAction.class                      8.2.0.1730
EmailSync.class                           8.2.0.1730
EndUser.class                             8.2.0.1730
EndUserBE.class                           8.2.0.1730
EuqDistributionListAction.class           8.2.0.1730
EuqMgrAction.class                        8.2.0.1730
LdapCacheSync$1.class                     8.2.0.1730
LdapCacheSync.class                       8.2.0.1730
MTASettingAction.class                    8.2.0.1730
NotiSettingsAction.class                  8.2.0.1730
RptResultDAO.class                        8.2.0.1730
Rule.class                                8.2.0.1730
RuleActionNotifyAction.class              8.2.0.1730
RuleActionTagAction.class                 8.2.0.1730
RuleAttrAntiSpoofAction.class             8.2.0.1730
RuleAttrComplianceFilterAction.class      8.2.0.1730
RuleAttrKeywordAction.class               8.2.0.1730
RuleAttrMIMEAction.class                  8.2.0.1730
RuleAttrNameAction.class                  8.2.0.1730
RuleAttrTimeRangeAction.class             8.2.0.1730
RuleAttrTrueFileAction.class              8.2.0.1730
RuleAttrWrsAction.class                   8.2.0.1730
RuleAttribute.class                       8.2.0.1730
RuleVirus.class                           8.2.0.1730
S99DTASAGENT                              8.2.0.1730
SelectAddrAction.class                    8.2.0.1730
SessionKeys.class                         8.2.0.1730
SwitchOnOffPolicy.class                   8.2.0.1730
UpdSchAction.class                        8.2.0.1730
Utility.class                             8.2.0.1730
WizardActionAppliance$1.class             8.2.0.1730
WizardActionAppliance.class               8.2.0.1730
WzrDeploy.class                           8.2.0.1730
add_rule_order.jsp                        8.2.0.1730
admin_euq.jsp                             8.2.0.1730
anvil                                     8.2.0.1730
bounce                                    8.2.0.1730
c3_ldap.jsp                               8.2.0.1730
cleanup                                   8.2.0.1730
cw_deploy.jsp                             8.2.0.1730
cw_smtp.jsp                               8.2.0.1730
db_maintain                               8.2.0.1730
db_maintain.sh                            8.2.0.1730
dblog_janitor                             8.2.0.1730
dbscript.conf                             8.2.0.1730
deferred_query_detail.jsp                 8.2.0.1730
discard                                   8.2.0.1730
error                                     8.2.0.1730
euq_access_search.jsp                     8.2.0.1730
euqutil                                   8.2.0.1730
flush                                     8.2.0.1730
imp_exp                                   8.2.0.1730
imss6Backup.properties                    8.2.0.1730
imss6Common.properties                    8.2.0.1730
imss6Sql.properties                       8.2.0.1730
imss6System.properties                    8.2.0.1730
imss6UIEvtLogs.properties                 8.2.0.1730
imssctl.sh                                8.2.0.1730
imssd                                     8.2.0.1730
imssmgr                                   8.2.0.1730
imssps                                    8.2.0.1730
imssstart.sh                              8.2.0.1730
imss/script/imssstop.sh                   8.2.0.1730
nrs/imssstop.sh                           8.2.0.1730
ipprofile/script/imssstop.sh              8.2.0.1730
imsstasks                                 8.2.0.1730
ip_blocked.jsp                            8.2.0.1730
ldaprep-0.1-py2.6.egg                     8.2.0.1730
ldaprep-0.1-py2.6.egg-info                8.2.0.1730
libEUQjni.so                              8.2.0.1730
libEmExpression.so                        8.2.0.1730
libFilterAction.so                        8.2.0.1730
libFilterAntiSpoof.so                     8.2.0.1730
libFilterEmgrPlugin.so                    8.2.0.1730
libFilterSpsTmase.so                      8.2.0.1730
libFilterVirus.so                         8.2.0.1730
libFoxParser.so                           8.2.0.1730
libIMSSjni.so                             8.2.0.1730
libImssCommon.so                          8.2.0.1730
libImssDAO.so                             8.2.0.1730
libImssRule.so                            8.2.0.1730
libPolicyCaller.so                        8.2.0.1730
libdtsearch.so                            8.2.0.1730
libem_helpr.so                            8.2.0.1730
libtmmsg.so                               8.2.0.1730
libtmprapi.so                             8.2.0.1730
libtmprapid.so                            8.2.0.1730
lmtp                                      8.2.0.1730
local                                     8.2.0.1730
master                                    8.2.0.1730
nqmgr                                     8.2.0.1730
oqmgr                                     8.2.0.1730
pickup                                    8.2.0.1730
pipe                                      8.2.0.1730
postalias                                 8.2.0.1730
postcat                                   8.2.0.1730
postconf                                  8.2.0.1730
postdrop                                  8.2.0.1730
imss/script/postfix                       8.2.0.1730
imss/postfix/usr/sbin/postfix             8.2.0.1730
postkick                                  8.2.0.1730
postlock                                  8.2.0.1730
postlog                                   8.2.0.1730
postmap                                   8.2.0.1730
postqueue                                 8.2.0.1730
postsuper                                 8.2.0.1730
predata_gen                               8.2.0.1730
proxymap                                  8.2.0.1730
qmgr                                      8.2.0.1730
qmqpd                                     8.2.0.1730
quarantines_postpone_detail.jsp           8.2.0.1730
quarantines_query_detail.jsp              8.2.0.1730
reports_daily.jsp                         8.2.0.1730
reports_monthly.jsp                       8.2.0.1730
reports_onetime_add.jsp                   8.2.0.1730
reports_weekly.jsp                        8.2.0.1730
root.res                                  8.2.0.1730
rt_mail_traffic                           8.2.0.1730
rtstat                                    8.2.0.1730
rule_attr_spam.jsp                        8.2.0.1730
scache                                    8.2.0.1730
sendmail                                  8.2.0.1730
showq                                     8.2.0.1730
smtp                                      8.2.0.1730
smtp_delivery.jsp                         8.2.0.1730
smtp_rule.jsp                             8.2.0.1730
smtpd                                     8.2.0.1730
spawn                                     8.2.0.1730
sys_ldap_list.jsp                         8.2.0.1730
sys_scan_mode.jsp                         8.2.0.1730
tlsmgr                                    8.2.0.1730
tmpe.pol                                  8.2.0.1730
trivial-rewrite                           8.2.0.1730
verify                                    8.2.0.1730
imss/postfix/usr/libexec/postfix/virtual  8.2.0.1730
imss/postfix/etc/postfix/virtual          8.2.0.1730
ConnBasic.class                           8.2.0.1730
QtQueryAction.class                       8.2.0.1730
imss6Backup_en.properties                 8.2.0.1730
imss6Common_en.properties                 8.2.0.1730
imss6Quarantines.properties               8.2.0.1730
imss6Quarantines_en.properties            8.2.0.1730
imss6System_en.properties                 8.2.0.1730
imss6UIEvtLogs_en.properties              8.2.0.1730
quarantines_query.jsp                     8.2.0.1730

Tomcat                                    6.0.37
Apache                                    2.2.25
Mod_jk                                    1.2.37


10. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:

   http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
web site.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:

   http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link
in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


11. About Trend Micro
========================================================================
Trend Micro Incorporated, a global leader in Internet content security
and threat management, aims to create a world safe for the exchange of
digital information for businesses and consumers. A pioneer in
server-based antivirus with over 20 years of experience, we deliver
top-ranked security that fits our customers' needs, stops new threats
faster, and protects data in physical, virtualized and cloud
environments.
Powered by the Trend Micro Smart Protection Network(TM)
infrastructure, our industry-leading cloud-computing security
technology and products stop threats where they emerge, on the
Internet, and are supported by 1,000+ threat intelligence experts
around the globe. For additional information, visit
www.trendmicro.com.

Copyright 2013, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, Smart Protection Network, InterScan,
eManager, and Control Manager are trademarks of Trend Micro
Incorporated and are registered in some jurisdictions. All other marks
are the trademarks or registered trademarks of their respective
companies.


12. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be viewed
at:

   http://www.trendmicro.com/en/purchase/license/

Third-party licensing agreements can be viewed:

   - By selecting the "About" option in the application user interface
   - By referring to the "Legal" page of the Getting Started Guide or
     Administrator's Guide