<> Trend Micro, Inc. March 2014 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Messaging Security Virtual Appliance 8.5 2014 Service Pack 1 - Build 1516 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file was current as of the date above. However, all customers are advised to check the Trend Micro website for documentation updates at: http://docs.trendmicro.com/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: http://olr.trendmicro.com/ Contents =================================================================== 1. About InterScan Messaging Security Virtual Appliance 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Updated Components 2.3 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About InterScan Messaging Security Virtual Appliance ======================================================================== InterScan Messaging Security Virtual Appliance (IMSVA) integrates multi-tiered spam prevention and anti-phishing with award-winning antivirus and antispyware. Content filtering enforces compliance and prevents data leakage. This easy-to-deploy appliance is delivered on a highly scalable platform with centralized management, providing easy administration. Optimized for high performance and continuous security, the appliance provides comprehensive gateway email security. 1.1 Overview of This Release ===================================================================== This service pack includes fixes to issues found after IMSVA 8.5 release. It also enhances some functions. For more information, see Section 2, "What's New". 1.2 Who Should Install This Release ===================================================================== Install this service pack if you currently run IMSVA 8.5. If you run previous versions of IMSVA, upgrade to IMSVA 8.5 before installing this service pack. Refer to the Installation Guide available at the Trend Micro Online Help Center for upgrade recommendations and options. http://docs.trendmicro.com 2. What's New ======================================================================== Note: Install the service pack before completing the following procedures (see "Installation"). This service pack includes the following enhancements and addresses the following issues: 2.1 Enhancements ===================================================================== High Availability Improvement --------------------------------------------------------------------- High availability (HA) improvement enables child devices in a parent-child deployment to process email messages when the parent device goes offline. These child devices can be restarted while the parent device is offline, and system configurations are still available from the child devices. Attachment Names in Keyword Expressions --------------------------------------------------------------------- When evaluating email messages against keyword expressions, IMSVA extends the keyword expression criteria to include attachment names. This feature enables IMSVA to detect keywords in attachment names and scan messages with those attachments. 2.2 Updated Components ===================================================================== None 2.3 Resolved Known Issues ===================================================================== This service pack resolves the following issues: --------------------------------------------------------------------- Issue 1: In IMSVA, users may receive different results on the End User Quarantine (EUQ) console using different login name formats if the LDAP server type is "Active Directory". Solution 1: This solution ensures users receive the same results no matter which login name format is used. --------------------------------------------------------------------- Issue 2: If IMSVA takes a long time to process an email message, it may time out while waiting for an SMTP End of Message (EOM) command and will not be able to reprocess the email message. When this happens, IMSVA will try to reprocess the email message. Solution 2: This solution enables IMSVA to stop processing the email message and move the email message to a folder specified by the user. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To specify the folder: a. Install IMSVA 8.5 SP1 (see "Installation"). b. Open the "imss.ini" file using a text editor. c. Add the "queue_reprocess_eom_timeout" option under the "general" section and set its value to the path of the preferred folder, for example: [general] queue_reprocess_eom_timeout= /opt/trend/imss/queue/reprocess_eom_timeout Note: The specified folder must exist. If you require a new folder, create the folder in your preferred location before proceeding to the next step. d. Save the changes and close the file. e. Restart the IMSVA Manager service using the following command: $IMSS_HOME/script/S99MANAGER restart --------------------------------------------------------------------- Issue 3: If the update schedule is set to hourly, daily, or weekly, IMSVA attempts to update not only at the time configured by the user, but may also update 5 minutes and 10 minutes after the configured time. Solution 3: This solution enables IMSVA to try updating only at the time configured by the user. --------------------------------------------------------------------- Issue 4: On the spam detection settings page of IMSVA management console, users can add an email address that contains the quotation mark (") into the approved sender list or blocked sender list, but the email address cannot be removed from the list. Solution 4: This solution enables users to remove email addresses that contain the quotation mark (") from the approved sender list or blocked sender list. --------------------------------------------------------------------- Issue 5: IMSVA takes a long time to import a configuration that contains very long blocking and approving lists for IP Filtering. Solution 5: This solution enables IMSVA to import such configurations faster. --------------------------------------------------------------------- Issue 6: The IMSVA configuration replication task cannot update the quarantine and archive settings while the related data in the database are locked by other processes. When this happens, the configuration replication task fails. Solution 6: This solution prevents the IMSVA configuration replication task from updating the quarantine and archive settings if there are no changes to these settings. This can help ensure that the IMSVA configuration can still be successfully replicated under the scenario described above when there are no changes to the quarantine and archive settings. --------------------------------------------------------------------- Issue 7: The IMSVA configuration replication task cannot update the name of the quarantine and archive sections. This occurs when the "tb_named_obj" table in the configuration file contains at least one object that has the same object ID and object type as another object in the "tb_named_obj" table on the target IMSVA computer. Solution 7: This solution ensures that the IMSVA configuration replication task successfully updates the name of the quarantine and archive sections in the configuration file of target IMSVA computers. --------------------------------------------------------------------- Issue 8: IMSVA adds an extra backslash to the message header when it encounters a double quotation mark followed by a backslash ("\) in any of the message header fields "To", "From", "CC" and "BCC". Solution 8: This solution prevents IMSVA from adding unnecessary backslashes to the message header. --------------------------------------------------------------------- Issue 9: The size of the "Permitted Senders of Relayed Mail" list cannot exceed 128 KB. Solution 9: This solution ensures that the size of the "Permitted Senders of Relayed Mail" list can exceed 128 KB. --------------------------------------------------------------------- Issue 10: Some pages of the IMSVA management console are vulnerable to cross-site scripting (XSS) attacks. Solution 10: This solution removes the XSS vulnerabilities from these pages. --------------------------------------------------------------------- Issue 11: IMSVA does not decrypt email messages with attachments that are larger than 1 MB. Solution 11: This solution ensures that IMSVA can decrypt email messages with attachments that are larger than 1 MB. --------------------------------------------------------------------- Issue 12: The sort function in "IP Filtering > Blocked List" does not work in Chrome or Internet Explorer 8 and earlier versions. Solution 12: This solution ensures the sort function works in these web browsers. --------------------------------------------------------------------- Issue 13: If "DaemonStopCountThreshold" is set to a value greater than 0, the scanner service status on the management console remains "active" after the user stops the scanner service on the management console. Solution 13: This solution ensures the scanner service status on the management console is always correct. --------------------------------------------------------------------- Issue 14: If an encryption exception is triggered while IMSVA encrypts an email message, the corresponding notification will not contain any information about how the email message triggered the exception. Solution 14: This solution ensures that the corresponding notification always contains information about how the email message triggered the encryption exception. --------------------------------------------------------------------- Issue 15: After IMSVA 8.2 Service Pack 2 is installed, the IMSVA Manager and EUQ services repeatedly restart if: * The user specifies the scanner IP address (scanner_ip_addr) in the imss.ini file; and * The specified address is different from the current Internal Communication Port (ICP) address. Solution 15: This solution resolves this issue and ensures that the database is updated with the correct IP address. --------------------------------------------------------------------- Issue 16: Some Activation Codes cannot activate IMSVA during daylight saving time (DST). Solution 16: This solution resolves this issue. --------------------------------------------------------------------- Issue 17: On the antivirus rule settings page and true file type detection settings page of the IMSVA management console, the descriptions for Microsoft(TM) Excel(TM), PowerPoint(TM), Word(TM), and Access(TM) file extension names are incorrect. Solution 17: This solution corrects the descriptions for Excel, PowerPoint, Word, and Access file extension names on the affected pages of the IMSVA management console. --------------------------------------------------------------------- Issue 18: The alias email address whose domain part contains characters in upper case cannot be synchronized to the Cloud Pre-Filter. As a result, email messages sent to this email address are rejected if valid recipient check is enabled on the Cloud Pre-Filter. Solution 18: This solution resolves this issue. --------------------------------------------------------------------- Issue 19: Under some scenarios, an email message's internal ID may change during IMSVA scanning. As a result, the information of this email message is incorrect in message tracking. Solution 19: This solution ensures the internal ID of an email message is changed only when necessary. --------------------------------------------------------------------- Issue 20: The TmMsg module cannot insert the disclaimer in the body of multipart/alternative email messages that use the Big5 character set because the disclaimer contains special characters that do not exist in Big5 code. Solution 20: This solution adds an option to enable the TmMsg module to convert both the email message and the disclaimer to the UTF-8 character set if it cannot convert the the disclaimer to the character set of the email message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 20: To enable this option: a. Install IMSVA 8.5 SP1 (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following key under the "MessageModule" section and set its value to "1": [MessageModule] UseUTF8AsPreferCharsetForStamp = 1 d. Save the changes and close the file. e. Restart the scan service using the following command: /opt/trend/imss/script/S99IMSS restart --------------------------------------------------------------------- Issue 21: When users query logs from the "Logs > Query > Policy events" page, an extra semicolon is added to the sender address in POP3 mail records. Solution 21: This solution removes the extra semicolon to make sure the logs correctly display. --------------------------------------------------------------------- Issue 22: When a user sends out an email message, a tagging mechanism may change the contents of the email message after it is analyzed by Web Reputation Service (WRS). This issue occurs because the tagging mechanism inserts "\r\n" into the "X-TM-AS-URLRatingInfo" line if the line is longer than 76 characters. Solution 22: This solution prevents the tagging mechanism from adding "\r\n" to the "X-TM-AS-URLRatingInfo" line even when the line is longer than 76 characters. This ensures that an email message's contents will not change after going through WRS. --------------------------------------------------------------------- Issue 23: Sometimes, the WRS ratings for URLs in email messages may change so that some URLs that have been rated "safe" may be marked as "untested" at a later time. Solution 23: This solution enables WRS in IMSVA 8.0 to use the "getservbyname_r" system function instead of the "getservbyname" function when rating URLs in email messages to ensure that the WRS ratings of these URLs do not change. --------------------------------------------------------------------- Issue 24: Services will not start after a component update. Solution 24: This solution will check the PID file content before restarting or stopping services. If status is crashed, IMSVA will force restart the services. --------------------------------------------------------------------- Issue 25: When an address group is used by a policy rule with a route applied to both incoming and outgoing messages, the value of 'Used in Policy' is '1' after the first time-saving operation. However, it becomes '2' after being saved once again on the "Policy List > Rule Summary" page, even though there is no information of rule modification. Because another record is inserted into table "tb_named_obj_rule", it's difficult to understand for users. Solution 25: Setting the value to '2' at the first time-saving operation because it represents the number of times being used or referenced in a rule, rather than the number of rules. --------------------------------------------------------------------- Issue 26: When Postfix is running, the PID number in the PID file is different from the PID number of the running task. The possible reason is the PID file was mistakenly deleted, and a new PID file was generated when imssmgr tries to start Postfix. Solution 26: This solution checks the PID file of Postfix, IMSVA will kill the process if the PID file does not exist while the process is running. --------------------------------------------------------------------- Issue 27: For email messages with attachment containing some characters, for example, "I" and "II", the tmmsg module cannot convert the character set from ISO-2022-JP to UTF-8, and this causes a policy match failure. Solution 27: This solution ensures all normal characters be converted successfully. --------------------------------------------------------------------- Issue 28: When the content type of an entity in email message body is text/HTML, IMSVA may mistakenly detect HTML as Social Security Number (SSN). Solution 28: This solution provides an option, if it is enabled, the scanner will extract plain text from HTML and then scan the plain text instead. To configure the option: a. Install IMSVA 8.5 SP1 (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "[general]" section and set its value to "yes". [general] EnableExtractPlainTextFromOriginalContent = yes Note: The default value of this key is "false". d. Save the changes and close the file. e. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart --------------------------------------------------------------------- Issue 29: IMSVA cleans parts of the database on a daily basis to improve performance. IMSVA may not clean all tables. This issue may cause the database to run out of transaction IDs. Solution 29: This solution provides options to enable IMSVA to clean the whole database on certain days of the week to prevent the database from running out of transaction IDs. The task of cleaning the whole database is enabled and performed at 3:00 a.m. on Saturday, by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 29: To select another day when IMSVA runs each operation: a. Connect to the database on the parent device using the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa b. Modify the value of "VacuumAnalyzeWholeDbWeekDay" to one of the following days: 0 - Sunday 1 - Monday 2 - Tuesday 3 - Wednesday 4 - Thursday 5 - Friday 6 - Saturday For example, use the following command to set the task to perform on Sunday, (wrap the command in one line): update tb_global_setting set value='0' where section='DB_Maintain' and name='VacuumAnalyzeWholeDbWeekDay'; c. Exit the database console using the following command: \q Note: The operation may run for several hours, so it is recommended to set it to run during non-peak hours. To disable the cleaning tasks on the whole database: a. Connect to the database using the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa b. Set the value of "enableVacuumAnalyzeWholeDb" to "off" using the following command: update tb_global_setting set value='off' where section='DB_Maintain' and name='enableVacuumAnalyzeWholeDb'; c. Exit the database console using the following command: \q Note: Set its value to "on" to enable it. --------------------------------------------------------------------- Issue 30: When using an SMTP server for EUQ authentication (AUTH), the SMTP server may only present AUTH with no support mechanisms if the SMTP server is configured incorrectly. The EUQ user interface will not be available. Solution 30: This solution ensures that the EUQ can handle this kind of exception. Detailed error messages are recorded in logs. --------------------------------------------------------------------- Issue 31: IMSVA 8.5 does not purge outdated Smart Scan Agent Pattern files from the temporary folder. As a result, the temporary folder size increases steadily. Solution 31: This solution enables IMSVA to purge outdated Smart Scan Agent Pattern files from the temporary folder. --------------------------------------------------------------------- Issue 32: When IMSVA queries a URL from the WRS and the score of the URL is 71 but the category is 90, IMSVA treats this URL as an unrated URL. Solution 32: This solution enables IMSVA to treat URLs as unrated only when the URL score is 71. --------------------------------------------------------------------- Issue 33: The IMSVA scanning service parent process monitors and recycles child processes. However, under certain conditions, child processes that are still busy processing email messages are recycled. When this happens, users experience delays in sending and receiving email messages. Solution 33: This solution ensures that the IMSVA scanning service parent process does not recycle child process that are currently busy handling email messages. --------------------------------------------------------------------- Issue 34: The log purge function cannot purge expired quarantine or archive logs when the corresponding queue does not exist. This prevents IMSVA from recycling the log tables which can eventually prevent users from querying logs from the admin user interface. Solution 34: This solution enables IMSVA to purge all expired logs without issues. --------------------------------------------------------------------- Issue 35: If users specify non-numeric data in the ¡°Order Number¡± field at "Policy > Policy List" while modifying or adding a policy, users are not directed back to the correct page after clicking "Save". Solution 35: This solution prevents the "Order Number" field from accepting non-numeric characters to ensure that users can modify or create policies correctly. --------------------------------------------------------------------- Issue 36: When email messages are postponed, handed off, or quarantined, imssd writes the session information into an address file. imssd also decodes recipient email addresses and adds the decoded information to the address file. Since Postfix cannot recognize the decoded recipient email addresses, Postfix will not be able to deliver the email messages. Solution 36: This solution prevents imssd from decoding the recipient email addresses of postponed, handed-off, and quarantined email messages in this case to ensure that Postfix can successfully deliver these email messages. --------------------------------------------------------------------- Issue 37: By default, IMSVA stores Case Diagnostic Tool (CDT) files in its root directory "/". However, since CDT files can be large and this partition is approximately only 10 GB in size, IMSVA may sometimes experience issues when saving CDT files in this partition. Solution 37: This solution enables IMSVA to save CDT files in "/var/app_data/imss/cdt" where there is enough space to store large CDT files. --------------------------------------------------------------------- Issue 38: The current Postfix version does not provide the retry function, which triggers several "warning: connect to transport private/retry: No such file or directory" error messages on the log file. Solution 38: This solution adds the missing entry for the Postfix retry function to resolve the issue. --------------------------------------------------------------------- Issue 39: When a user's password for LDAP connections contains special characters, IMSVA may not be able to synchronize data from the LDAP server to the local LDAP cache. Solution 39: This solution resolves this issue by enabling IMSVA to escape special characters in passwords for LDAP connections. --------------------------------------------------------------------- Issue 40: When users query detailed information from the "Mail Areas & Queues > Query > Quarantine" page, IMSVA 8.5 displays only the attachments that violate a policy; however, IMSVA 8.0 displays all the attachments. Solution 40: This solution provides an option to enable IMSVA to display all attachments from the "Mail Areas & Queues > Query > Quarantine" page in detailed query results. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 40: To enable this option: a. Connect to the database on the parent device using the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa b. Add the "ShowAllAttachmentsOnQueueQueryPage" key under "tb_global_setting" and set its value to "yes" by running the following command: insert into tb_global_setting values('adminui', 'ShowAllAttachmentsOnQueueQueryPage','yes', 'imss.ini',''); Note: You must run the following command in a single line. c. Exit the database console using the following command: \q --------------------------------------------------------------------- Issue 41: IMSVA does not listen to the IPv6 SMTP port if both IPv6 and IP Profiler are enabled. Solution 41: This solution enables IMSVA to listen to the IPv6 SMTP port when both IPv6 and IP Profiler are enabled. --------------------------------------------------------------------- Issue 42: If a user queries logs from "Logs > Query > Message Tracking > Cloud pre-filter + IMSVA data" using an email address that contains an apostrophe, IMSVA treats the email address as invalid and will not return any query results. Solution 42: This solution ensures that IMSVA supports all valid email addresses in querying logs. --------------------------------------------------------------------- Issue 43: IMSVA may report several false-positive detections in the Payment Card Industry Data Security Standard (PCI-DSS) compliance templates. Solution 43: This solution updates the Trend Micro eManager(TM) module to prevent false-positive detections in the PCI-DSS compliance templates. --------------------------------------------------------------------- Issue 44: When users select the "All items" check box on the "Administration > Connections > LDAP" page, uncheck some check boxes, and press "Delete", all the items are deleted. Solution 44: This solution ensures that the check boxes work without issues. --------------------------------------------------------------------- Issue 45: IMSVA cannot detect keywords from the Health Insurance Portability and Accountability Act (HIPAA) template in PDF files. Solution 45: This solution ensures that IMSVA correctly detects HIPAA template keywords in files. --------------------------------------------------------------------- Issue 46: Base64 encoding and decoding does not work when IMSVA is localized in Cyrillic. Solution 46: This solution ensures that Base 64 encoding and decoding works when IMSVA is localized in Cyrillic. --------------------------------------------------------------------- Issue 47: A PHP vulnerability may allow attackers to retrieve information through specially-crafted requests. Solution 47: This solution removes the vulnerability. --------------------------------------------------------------------- Issue 48: The "secure" attribute is missing from the encrypted session (SSL) cookie, which may allow vulnerabilities in some pages of the IMSVA management console. Solution 48: This solution adds the "secure" attribute to the encrypted (SSL) cookie to remove the vulnerability. --------------------------------------------------------------------- Issue 49: The value of the "JsessionID" attribute in the cookie does not change after a user logs on successfully to the IMSVA management console. This may allow a session fixation attack. Solution 49: This solution ensures that the value of "JsessionID" is updated promptly after a user logs on successfully to the IMSVA management console. This can help prevent the vulnerability. --------------------------------------------------------------------- Issue 50: After users log out from the IMSVA management console, they can still access the last accessed page of the console by clicking the "back" button on the browser. Solution 50: This solution resolves this issue by adding some headers to prevent the browser from caching the pages of the IMSVA management console and ensure that users can no longer access any pages by clicking the "back" button after they have successfully logged out. --------------------------------------------------------------------- Issue 51: A Cross-Site Request Forgery (CSRF) vulnerability may exist in the IMSVA management console. Solution 51: This solution removes the vulnerability. --------------------------------------------------------------------- Issue 52: IMSVA may not be able to detect spyware after the Virus Scan Engine is updated to version 10.0 or any later version. Solution 52: This solution ensures that the Virus Scan Engine version 10.0 and later can successfully detect spyware. --------------------------------------------------------------------- Issue 53: Sometimes, IMSVA does not release some memory resources that it no longer uses. Solution 53: This solution ensures that IMSVA releases memory resources that it no longer needs. --------------------------------------------------------------------- Issue 54: After IMSVA 8.5 Hot Fix 12740 is applied, when users select the preferred "filter" and "records per page" options in "IP Filtering > Blocked List" and delete a record, the page goes back to the default settings. Solution 54: This solution resolves this issue. --------------------------------------------------------------------- Issue 55: IMSVA has some defects in matching some predefined compliance template expressions: -Health Insurance Claim -American name -Home Address -Date-Full (month/day/year) Solution 55: This solution upgrades eManager to build 7.0.1112 to resolve the issues. --------------------------------------------------------------------- Issue 56: In IMSVA, when users enable an attachment file name or extension rule and choose the "Not the selected attachment names" mode, attachments that are not in the specified file name or extension list will trigger the rule. However, files that should trigger the rule but are inside a compressed file attachment do not trigger the rule. Solution 56: This solution ensures that files inside compressed files can properly trigger the rule under the scenario described above. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 56: To disable this feature: a. Install IMSVA 8.5 SP1 (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "email-scan" section and set its value to "no". It is enabled by default. [email-scan] EnableNameExtAnyNotInCompressed=no Note: Setting the value to "no" means files inside compressed files will not trigger the rule while setting it to "yes" means files inside compressed files can trigger the rule. d. Save the changes and close the file. e. Restart the scan service using the following command: /opt/trend/imss/script/S99IMSS restart --------------------------------------------------------------------- Issue 57: When users filter the entries in the "blocked list" to show just one type of record, for example, "virus", and then delete a record from the list, the refreshed list reverts to the "All types" filter instead of displaying only those records of the "virus" type. Solution 57: This solution ensures that the refreshed list filters according to the same condition after the delete operation. --------------------------------------------------------------------- Issue 58: If the "Use SMTP Server for EUQ authentication" option for EUQ authentication is enabled, EUQ digest messages are sent to external addresses. Solution 58: This solution ensures that EUQ digest messages are sent to internal addresses only. --------------------------------------------------------------------- Issue 59: Some memory leak issues occur while IMSVA processes messages. Solution 59: This solution fixes the issue. --------------------------------------------------------------------- Issue 60: When users reconfigure some Configuration Wizard settings from the management console, some services that are launched from the management console may inherit some resources from Tomcat(TM). This may prevent the management console from restarting. Solution 60: This solution fixes the issue. --------------------------------------------------------------------- Issue 61: When a POP3 user issues an AUTH command without specifying a method for authentication, the user may not receive email messages. This happens because some email servers respond using different authentication methods, and IMSVA will not handle these responses. Solution 61: This solution fixes the issue. --------------------------------------------------------------------- Issue 62: A memory violation issue in a third-party module of IMSVA 8.2 may cause the ActiveUpdate module to stop unexpectedly. Solution 62: This solution updates the third-party module to resolve the memory violation issue. --------------------------------------------------------------------- Issue 63: If the notification message contents are encoded in "7bit" where the maximum length of a line is 990 characters, Postfix automatically inserts an "\r\n" without any escape sequences. This causes some garbage characters to appear in the notification. Solution 63: This solution enables IMSVA to encode the contents of notifications that use the "iso-2022-jp" character set in "base64" instead of in "7bit". Since the length of each line in "base64" is limited to 76 characters only, this can help prevent garbage characters from appearing in these notifications. --------------------------------------------------------------------- Issue 64: Virus logs that are sent from IMSVA to Trend Micro Control Manager(TM) contain the wrong virus pattern version. As a result, the wrong virus pattern version also appears in notification messages from Control Manager. Solution 64: This solution ensures that IMSVA adds the correct virus pattern version in virus logs that it sends to Control Manager to enable Control Manager to add the correct information to notification messages. --------------------------------------------------------------------- Issue 65: A bounce message created by IMSVA cannot be displayed properly. Solution 65: This solution ensures that IMSVA can properly resolve the boundary values in the message to help ensure that it can properly display the message. --------------------------------------------------------------------- Issue 66: When IMSVA scans Microsoft Excel(TM) 2003 or 2007 files and the data in a cell contains a new line, IMSVA trigger the email message incorrectly. Solution 66: This solution ensures that during scans, IMSVA does not change new lines in the cells of Excel files to spaces. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 66: To enable this option: a. Install IMSVA 8.5 SP1 (see "Installation"). b. Open the "imss.ini" file in the "/config/" folder. c. Add the "emanager" section and the "EnableDMCRawNewLine=true" key under it at the end of the "imss.ini" file. [emanager] EnableDMCRawNewLine=true d. Save the changes and close the file. e. Restart the IMSVA service. --------------------------------------------------------------------- Issue 67: Some pages of the IMSVA management console may be vulnerable to cross-site scripting (XSS) attacks. Solution 67: This solution removes the XSS vulnerabilities from these pages. --------------------------------------------------------------------- Issue 68: IMSVA does not support regular expression character classes in Japanese Hiragana, Katakana, or full-width Roman characters. Solution 68: This solution adds an option to enable IMSVA to support regular expression character classes that are in Japanese Hiragana, Katakana, or full-width Roman characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 68: To enable this option: a. Install IMSVA 8.5 SP1 (see "Installation"). b. Open the "imss.ini" file in the "/config/" folder. c. Add the "emanager" section and the "EnableJPFWRomanCharacterClass=true" key under it at the end of the "imss.ini" file. [emanager] EnableJPFWRomanCharacterClass=true d. Save the changes and close the file. e. Restart the IMSVA service. Note: The following regular expressions are not available because of the limitation. Negative range specification for double-byte character. [^¤¡-¤ó] [^¥¡-¥ö] [^£Á-£Ú] [^£á-£ú] The range specification of different data. [¥¢-¥¿[:alpha:]] [[:alpha:]¥¢-¥¿] [¥¢-¥¿\d] [¥¢-¥¿\D] [¥¢-¥¿\s] [¥¢-¥¿\S] [¥¢-¥¿\w] [¥¢-¥¿\W] [\d£Á-£Ú] [\D£Á-£Ú] [\s£Á-£Ú] [\S£Á-£Ú] [\w£Á-£Ú] [\W£Á-£Ú] [¥¢-¥¿[:alpha:]] --------------------------------------------------------------------- Issue 69: CMAgent (Imsscmagent.exe) always locks the imssmgr log file and does not release the old imssmgr log file immediately when a new imssmgr log file generates. As a result, users need to stop CMAgent before they can delete the old imssmgr log file. Solution 69: This solution prevents CMAgent from locking the imssmgr log file. --------------------------------------------------------------------- Issue 70: IMSVA SMTP service may stop unexpectedly when a resource is released unexpectedly. Solution 70: This solution ensures that IMSVA releases resources correctly. --------------------------------------------------------------------- Issue 71: The IMSVA monitor may display the wrong message number in the scan queue when the IMSVA daemon stops abnormally. Solution 71: This solution ensures that the IMSVA monitor always displays the correct message number in the scan queue. --------------------------------------------------------------------- Issue 72: Sometimes, the IMSVA CPU usage may reach 100 percent. Some settings may not be loaded successfully after the tsmtp service restarts. Solution 72: This solution resolves the issue. --------------------------------------------------------------------- Issue 73: The Trend Micro Control Manager(TM) agent (CMAgent) may go into a dead loop while handling certain exceptions. Solution 73: This solution ensures that the CMAgent properly handles exceptions to prevent it from going into a dead loop. --------------------------------------------------------------------- Issue 74: IMSVA may stop unexpectedly when the Common Log Module (CLM) attempts to access invalid memory space. Solution 74: The solution prevents the CLM from accessing invalid memory space. --------------------------------------------------------------------- Issue 75: Sometimes, IMSVA encounters memory leak issues. Solution 75: This solution prevents the memory leak issues. --------------------------------------------------------------------- Issue 76: The export function does not work in some Internet Explorer versions. Solution 76: This hot fix resolves the issue. --------------------------------------------------------------------- Issue 77: Some pages of the IMSVA management console are vulnerable to attackers. Solution 77: This hot fix removes the vulnerabilities from these pages. --------------------------------------------------------------------- Enhancement 78: If the template for EUQ digests is corrupted or incorrectly modified, IMSVA may fail to deliver digests to end users or record the situation in logs. After applying this solution, if the digest template is corrupted or incorrectly modified, IMSVA will record the situation in the logs and still try to deliver the digest, but the digest may display abnormally. --------------------------------------------------------------------- Enhancement 79: The spoofed internal messages filter currently works only on messages where the senders' domains and recipients' domains in the envelope match. This solution enables the spoofed internal messages filter to work on messages where the senders' domains in the email header and the recipients' domains in the envelope match. This behavior is enabled by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 79: To disable this option: a. Install IMSVA 8.5 SP1 (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "general" section and set its value to "no". [general] antispoof_check_from_header=no d. Save the changes and close the file. e. Restart the scan service using the following command: /opt/trend/imss/script/S99IMSS restart --------------------------------------------------------------------- Enhancement 80: Email messages remain in the IMSVA queue under the following special conditions: a. IMSVA cannot hand off a message completely. b. IMSVA hands off the message to the wrong downstream MTA. These two conditions can occur when an email message contains another email message as an attachment and the attached email message has an "X-IMSS-HAND-OFF-DIRECTIVE" header. This solution ensures that IMSVA can properly handle the "X-IMSS-HAND-OFF-DIRECTIVE" header and hands off such email messages correctly and successfully. --------------------------------------------------------------------- Enhancement 81: Currently, IMSVA only allows users to add domains and IP addresses to the IP Profiler's "Approved List" and "Blocked List". This solution enables users to add IP ranges in the "IP/Mask" format like "10.64.10.10/255.255.252.0" in these lists. --------------------------------------------------------------------- Enhancement 82: Currently, if an email message has been tagged as "spam" by the pre-filter, IMSVA uses the result provided by pre-filter before scanning. Users can now disable this function. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 82: To disable the function: a. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. b. Add the following setting under the "email-scan" section and set its value to "yes". [email-scan] DisableUseImhtHeader=yes c. Save the changes and close the file. d. Restart the scan service using the following command: /opt/trend/imss/script/S99IMSS restart --------------------------------------------------------------------- Enhancement 83: This solution enables IMSVA to send product information updates that contain Activation Keys and the following product configuration information to the BIF server: - Version - product version - Build - product build - Language - product language - Prefilter - if the IMSVA prefilter is enabled - IPFiltering - if IPFiltering is enabled in IMSVA - ERS - if ERS is enabled in IMSVA - EUQ - if EUQ is enabled in IMSVA - LDAPNum - the number of configured LDAP servers - TMCM - if IMSVA is registered to Trend Micro Control Manager(TM) - Encryption - if encryption is enabled in IMSVA - DLP - if Trend Micro Data Loss Prevention(TM) (DLP) is enabled in IMSVA - ScanMode - if the Advanced Threat Scan Engine is enabled in IMSVA - ScanMethod - if Smart Scan is enabled in IMSVA - DDA - if Trend Micro Deep Discovery Advisor (DDA) is enabled in IMSVA - SMTPAuth - if SMTPAuth is enabled in IMSVA Users can disable/enable this option. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 83: To configure this option: a. Install IMSVA 8.5 SP1 (see "Installation"). b. Open the "imss.ini" file in the "/opt/trend/imss/config" folder using a text editor. c. Add the following setting under the "bif" section and set the preferred value. [bif] bif_feedback_enable=0 , IMSVA does not send the information to the BIF server =1 , (default) IMSVA sends the information to the BIF server d. Save the changes and close the file. --------------------------------------------------------------------- Enhancement 84: This hot fix improves the performance of the policy server. This hot fix improves the performance to display the page "Policy > Policy List" as quickly as possible. --------------------------------------------------------------------- Enhancement 85: This solution enables IMSVA to search for users and user groups in the LDAP server from the management console the same way that the IMSVA daemon searches for information when users query a policy by email address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 85: To enable this feature: a. Install IMSVA 8.5 SP1 (see "Installation"). b. Log on to PostgreSQL by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa c. Insert a flag into the "tb_global_setting" table by running the following command: insert into tb_global_setting values ('general','query_ldap_group','yes','imss.ini',''); Note: This feature is disabled by default. d. Log off from PostgreSQL by running the following command: \q e. Restart adminUI by running the following command: /opt/trend/imss/script/S99ADMINUI restart 3. Documentation Set ======================================================================== The documentation set for this service pack includes the following: o High Availability Configuration Guide -- High availability description and related operations to perform if the parent device goes offline. o Administrator's Guide -- Product overview, configuration instructions, and basic information to get you "up and running" o Installation Guide -- Deployment, installation, and integration information designed to help you install and access IMSVA Electronic versions of the printed manuals are available at: http://docs.trendmicro.com/ o Online help -- Context-sensitive help screens that provide guidance for performing a task o Knowledge Base -- A searchable database of known product issues, including specific problem-solving and troubleshooting topics http://esupport.trendmicro.com 4. System Requirements ======================================================================== Install IMSVA 8.5 before installing this service pack. You can download this package from: http://downloadcenter.trendmicro.com 5. Installation/Uninstallation ======================================================================== Note: Install this service pack on all computers running IMSVA 8.5 if you are using distributed deployment mode. 5.1 Installation ===================================================================== To install this service pack: 1. Log on to the IMSVA management console. 2. Go to "Administration > Updates > System & Applications". 3. Select the service pack package and upload it. 4. Wait for the service pack to upload. 5. Check that the service pack is successfully uploaded. 6. If you have set up a group of IMSVA devices: a. Under "Current status", select the parent device. b. Click "Update". c. Wait for the parent device to finish updating, and then select all child devices. d. Click "Update". e. Wait for a few minutes, and then log back on to the IMSVA management console. 6. Go to "Administration > Updates > System & Applications". 7. Ensure that the "OS version"/"Application version" values for all items under "Current status" match the following service pack version: OS Version: 2.0.1067 Application Version: 8.5.0.1516 5.2 Uninstallation ===================================================================== To roll back to the previous configuration: 1. Log on to the IMSVA management console. 2. Remove all IPv6-related settings that were configured after installation of this service pack. 3. Go to "Administration > Updates > System & Applications". 4. Under "Host Name", select the name of the device you want to view. A summary screen appears, showing the updates and related log information. 5. Click "Rollback". 6. Post-installation Configuration ======================================================================== Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== The following list outlines the known issues in this release: 7.1 If Cloud Pre-Filter deletes an email message with no subject, and a user queries that email message on the management console, the logs display "??" in the subject line. 7.2 Users cannot use the Down-Level Logon Name format (for example, "DOMAIN\UserName") to create LDAP admin accounts. IMSVA accepts only accounts that contain a User Principal Name (UPN). 7.3 If the admin database is disconnected, users cannot log on to child IMSVA devices using the "admin" account or other accounts created using the "admin" account. This issue may occur whenever a user attempts to: - Change the IP address of the parent IMSVA device; or - Log on to a child IMSVA device to change the IP address of the parent IMSVA device 7.4 The following issues occur if IMSVA is unable to convert subject line text to UTF-8. - The logs display garbled text. - IMSVA quarantines the email message and the subject field displays the message "Unsupported charset non-UTF-8" if a user attempts to view the email message through the management console. Note: IMSVA attempts to convert characters to UTF-8 whenever the subject line: - Does not contain character set information - Contains special characters (such as the copyright symbol) - Contains double-byte characters 7.5 To view the management console using Internet Explorer on computers running Windows 2003, users must first perform the following: a. Go to "Tools > Internet Options > Security > Trusted Sites > Sites". b. Add the IP address of the computer on which IMSVA is installed. c. Click "Close". 7.6 IMSVA may still scan and quarantine email messages even after a user deploys a policy with the "handoff" action. Email messages may still be quarantined if they trigger scanning exceptions because IMSVA prioritizes exceptions over spam and content filters. 7.7 If time settings (including time zones) are not synchronized across IMSVA servers, certain functions (such as log purge and EUQ sign-in with Kerberos) may not work as expected. 7.8 The monitor action "BCC" does not function for the following security settings violations (under "Scanning Exceptions"): - Total message size exceeds - Total # recipients exceeds 7.9 If the recipient address of an email message contains a whitespace character, Cloud Pre-Filter does not deliver that email message to IMSVA. 7.10 When accessing the management console using Internet Explorer 9, users must enable "Compatibility View" for the "Dashboard" to display correctly. To enable "Compatibility View": a. Open the IMSVA management console using Internet Explorer 9. b. Press "Alt" to display the Internet Explorer menu bar. c. Go to "Tools > Compatibility View". 7.11 IMSVA encounters issues when decrypting email messages that were not encrypted using UTF-8. The subject line in the decrypted email messages may contain either garbled text or a series of question marks. 7.12 IMSVA cannot perform content filtering on a PDF file if: - Access permission of the file is set to "read only"; and - The file is encrypted using RC4, and the key length is greater than 40 bits. Note: IMSVA can still perform an antivirus check on the file. 7.13 IMSVA does not check for spoofed internal messages if the recipient is an IPv6 address. 7.14 SOCKS4 does not support IPv6. 7.15 The IBE server does not support connections with the IPv6 proxy server. 7.16 IP Profiler does not support IPv6. 7.17 Product license management does not support SOCKS connections with the IPv6 proxy server. 7.18 URLs in IPv6 format are not analyzed by the WRS filter. 7.19 The data displayed on the "Dashboard" does not immediately reflect changes to the security level settings. The delay causes discrepancies with the data displayed on the "Log Query" and "Quarantine Query" screens, which are updated in real time. 7.20 IMSVA detects C&C email messages based on addresses only in the message header. 7.21 IMSVA is unable to generate one-time reports within one hour after rolling back to a previous version during the upgrade process. 7.22 IMSVA is unable to open reports generated during the dry run period of the upgrade process after rolling back to version 8.2 SP 2. 7.23 The IMSVA and Control Manager message counts for C&C email do not align. IMSVA counts all incoming and outgoing messages that trigger the filter, while Control Manager counts only outgoing messages. 7.24 If a message is deferred because of a Smart Scan query error, IMSVA incorrectly logs the action as postponed. 7.25 Smart Scan cannot fail over to Conventional Scan while in high availability mode. 8. Release History ======================================================================== IMSVA 8.5, May 7, 2013 See the following website for more information about updates to this product: http://docs.trendmicro.com 9. Files Included in this Release ======================================================================== Filename Build No. -------------------------------------------------------------------- WizardActionAppliance\$1.class 8.5.0.1516 WizardActionAppliance.class 8.5.0.1516 ConnLDAPAction\$1.class 8.5.0.1516 ConnLDAPAction.class 8.5.0.1516 BackupAction.class 8.5.0.1516 BackupAction\$ConfigFileNameFilter.class 8.5.0.1516 BackupAction\$1.class 8.5.0.1516 UpdSchAction.class 8.5.0.1516 MTASettingAction.class 8.5.0.1516 ReportHandler.class 8.5.0.1516 OutBoundIPHandler.class 8.5.0.1516 CommonParams.class 8.5.0.1516 PrefilterDAO.class 8.5.0.1516 Utility.class 8.5.0.1516 IMSACommonJNI.class 8.5.0.1516 LdapJNI.class 8.5.0.1516 LDAPAccess.class 8.5.0.1516 LdapCacheSync\$1.class 8.5.0.1516 LdapCacheSync.class 8.5.0.1516 LdapDAO.class 8.5.0.1516 ProxyInfoDAO.class 8.5.0.1516 ConnBasic.class 8.5.0.1516 MultiLDAPInterface.class 8.5.0.1516 BlockIPItem.class 8.5.0.1516 BlockIPList.class 8.5.0.1516 IPFilterDAO.class 8.5.0.1516 OverviewList.class 8.5.0.1516 TypeDefine.class 8.5.0.1516 WhiteListItem.class 8.5.0.1516 WhiteList.class 8.5.0.1516 formatxmls/OverviewXML.class 8.5.0.1516 client/BifConnect$1.class 8.5.0.1516 client/BifConnect.class 8.5.0.1516 BifInfo.class 8.5.0.1516 RuleList.class 8.5.0.1516 RuleAttribute.class 8.5.0.1516 Rule.class 8.5.0.1516 RuleFilter.class 8.5.0.1516 ResetGWAccount.class 8.5.0.1516 RcptSyncAction.class 8.5.0.1516 RcptSync.class 8.5.0.1516 EmailSync.class 8.5.0.1516 Constants.class 8.5.0.1516 LoginAction.class 8.5.0.1516 SessionFilter.class 8.5.0.1516 LogCollectionAction.class 8.5.0.1516 QtQueryAction.class 8.5.0.1516 AddBlockIPAction.class 8.5.0.1516 AddWhiteIPAction.class 8.5.0.1516 MoveBlockIPAction.class 8.5.0.1516 AddBlockIPFromCacheAction.class 8.5.0.1516 SummaryShowWidgets.class 8.5.0.1516 AddrGroupAction.class 8.5.0.1516 RuleAttrWrsAction.class 8.5.0.1516 SelectAddrAction.class 8.5.0.1516 imss6Quarantines.properties 8.5.0.1516 imss6System.properties 8.5.0.1516 imss6Errors.properties 8.5.0.1516 imss6IPfilter.properties 8.5.0.1516 imss6Sql.properties 8.5.0.1516 imss6Backup.properties 8.5.0.1516 imss6Policy.properties 8.5.0.1516 struts-config-ipfilter.xml 8.5.0.1516 commons-net-3.3.jar 8.5.0.1516 add_rule_order.jsp 8.5.0.1516 rule_attr_spam.jsp 8.5.0.1516 quarantines_query.jsp 8.5.0.1516 quarantines_postpone_detail.jsp 8.5.0.1516 quarantines_query_detail.jsp 8.5.0.1516 ip_block_add.jsp 8.5.0.1516 ip_block_details.jsp 8.5.0.1516 ip_blocked.jsp 8.5.0.1516 ip_whitelist.jsp 8.5.0.1516 ip_whitelist_add.jsp 8.5.0.1516 ip_whitelist_details.jsp 8.5.0.1516 sys_ldap_list.jsp 8.5.0.1516 validation.jsp 8.5.0.1516 expand.js 8.5.0.1516 proxy_request.php 8.5.0.1516 wfuser.php 8.5.0.1516 compact.js 8.5.0.1516 mootools-big.js 8.5.0.1516 euqUI/ROOT/WEB-INF/classes/com/trendmicro/imss /ui/modelobjects/enduser/Utility.class 8.5.0.1516 euqUI/ROOT/javascripts/Base64.js 8.5.0.1516 euqUI/ROOT/javascripts/expand.js 8.5.0.1516 euqUI/ROOT/javascripts/en/expand.js 8.5.0.1516 euqUI/ROOT/help/de/_wh/wh.min.js 8.5.0.1516 euqUI/ROOT/help/en/_wh/wh.min.js 8.5.0.1516 euqUI/ROOT/help/es/_wh/wh.min.js 8.5.0.1516 euqUI/ROOT/help/fr/_wh/wh.min.js 8.5.0.1516 euqUI/ROOT/help/it/_wh/wh.min.js 8.5.0.1516 euqUI/ROOT/help/ko/_wh/wh.min.js 8.5.0.1516 euqUI/ROOT/help/zh/_wh/wh.min.js 8.5.0.1516 euqUI/ROOT/help/zh_TW/_wh/wh.min.js 8.5.0.1516 imssd 8.5.0.1516 imssausched 8.5.0.1516 is_euq_enable 8.5.0.1516 is_ipfilt_enable 8.5.0.1516 euqutil 8.5.0.1516 imssmgr 8.5.0.1516 imssmgrmon 8.5.0.1516 dtasagent 8.5.0.1516 rtstat 8.5.0.1516 rt_mail_traffic 8.5.0.1516 foxdns 8.5.0.1516 wrsagent 8.5.0.1516 imsscmagent 8.5.0.1516 msgaction 8.5.0.1516 imssps 8.5.0.1516 report/dblog_janitor 8.5.0.1516 report/predata_gen 8.5.0.1516 report/smart_reporter 8.5.0.1516 report/traffic_summary_gen 8.5.0.1516 purge_by_dbsize 8.5.0.1516 imp_exp 8.5.0.1516 db_maintain 8.5.0.1516 purge_scanner_info 8.5.0.1516 soapclient 8.5.0.1516 imssausched 8.5.0.1516 imsstasks 8.5.0.1516 forceUpdate 8.5.0.1516 libFilterVirus.so 8.5.0.1516 libFilterWrs.so 8.5.0.1516 libFilterSpsTmase.so 8.5.0.1516 libFilterAntiSpoof.so 8.5.0.1516 libFilterEmgrPlugin.so 8.5.0.1516 libFilterDkimEF.so 8.5.0.1516 libFilterAction.so 8.5.0.1516 libImssRule.so 8.5.0.1516 libImssDAO.so 8.5.0.1516 libImssCommon.so 8.5.0.1516 libImssDKIM.so 8.5.0.1516 libIMSSjni.so 8.5.0.1516 libImssPolicy.so 8.5.0.1516 libGsoapClient.so 8.5.0.1516 libtmau.so 8.5.0.1516 libImssCrypto.so 8.5.0.1516 libeuq.so 8.5.0.1516 libEUQjni.so 8.5.0.1516 libFoxParser.so 8.5.0.1516 libPolicyCaller.so 8.5.0.1516 libPolicyUtility.so 8.5.0.1516 libtmpr.so 8.5.0.1516 libProductLibrary.so 8.5.0.1516 libem_helpr.so 8.5.0.1516 libdtsearch.so 8.5.0.1516 libtmmsg.so 8.5.0.1516 libtmprapi.so 8.5.0.1516 libtmprapid.so 8.5.0.1516 libcme_vxe_dll.so 8.5.0.1516 libdlpEngine.so.0 8.5.0.1516 root.res 8.5.0.1516 imss.dat 8.5.0.1516 imss.root 8.5.0.1516 tmpe.pol 8.5.0.1516 cfgtool.sh 8.5.0.1516 sync_slave_ldapcache.sh 8.5.0.1516 auto_import_export.sh 8.5.0.1516 mgr_monitor_restart_process.sh 8.5.0.1516 db_maintain.sh 8.5.0.1516 S99MANAGER 8.5.0.1516 S99SCHEDULED 8.5.0.1516 S99UPDATE 8.5.0.1516 S99FOXDNS 8.5.0.1516 imssctl.sh 8.5.0.1516 imp_exp.sh 8.5.0.1516 bif_connect_feedback.sh 8.5.0.1516 dbscript.conf 8.5.0.1516 rpt_FoxhunterSP.sql 8.5.0.1516 imsacdt.sh 8.5.0.1516 cdt.ini 8.5.0.1516 imssdump 8.5.0.1516 ExInterface_IMSVA_8.ini 8.5.0.1516 MessageTracing.py 8.5.0.1516 PostLogParser.py 8.5.0.1516 ScanLogParser.py 8.5.0.1516 TransacAssembler.py 8.5.0.1516 TransacConsumer.py 8.5.0.1516 MsgTracing-0.2-py2.6.egg 8.5.0.1516 MsgTracing-0.2-py2.6.egg-info 8.5.0.1516 nrslog_parser 8.5.0.1516 fox_dns_server.list 8.5.0.1516 imss6Quarantines_en.properties 8.5.0.1516 imss6System_en.properties 8.5.0.1516 imss6Errors_en.properties 8.5.0.1516 imss6Policy_en.properties 8.5.0.1516 imss6Backup_en.properties 8.5.0.1516 imss6IPfilter_en.properties 8.5.0.1516 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at the following website: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our website. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. (c) 2014 Trend Micro Incorporated. All Rights Reserved. Trend Micro, the t-ball logo, Smart Protection Network, InterScan, and Control Manager are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://www.trendmicro.com/en/purchase/license/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface