<> Trend Micro, Inc. September 27, 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Messaging Security Suite for Linux(TM) 9.1 Build 1172 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at: http://docs.trendmicro.com/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://olr.trendmicro.com/registration Contents ================================================== 1. About InterScan Messaging Security Suite 2. What's New 3. Documentation Set 4. System Requirements 4.1 Supported Distributions 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Contact Information 10. About Trend Micro 11. License Agreements ================================================== 1. About InterScan Messaging Security Suite ======================================================================== InterScan Messaging Security Suite (IMSS) is a policy-based virus protection, antispam protection and content security solution for the SMTP gateway to prevent virus outbreaks and spam and protect enterprise security integrity. The solution's customizable routing and relay restriction features are easy to deploy and interoperate with existing messaging environments. 2. What's New ======================================================================== IMSS 9.1 includes the following new and updated features: 2.1 Cloud Pre-Filter Integration ===================================================================== Cloud Pre-Filter is a hosted email security service that can filter all of your email messages before they reach your network. Pre-filtering your email messages can save you time and money. 2.2 Data Loss Prevention ===================================================================== Data Loss Prevention safeguards an organization's confidential and sensitive data-referred to as digital assets-against accidental disclosure and intentional theft. 2.3 Integration with Virtual Analyzer ===================================================================== Virtual Analyzer is an isolated virtual environment used to manage and analyze samples in Deep Discovery Analyzer. IMSS allows you to define rules to send suspicious messages to Virtual Analyzer for analysis. To achieve better load balancing and failover capabilities, IMSS allows you to add multiple servers for Virtual Analyzer. You can also enable, disable and delete Virtual Analyzer servers on the IMSS management console. 2.4 End-User Quarantine Single Sign-on(SSO) ===================================================================== IMSS now allows users to log on once to their domain and then to End-User Quarantine (EUQ) without re-entering their domain name and password. 2.5 Dashboard and Widgets ===================================================================== Real-time summaries have been replaced with a dashboard and widgets. This will provide administrators with more flexibility when viewing IMSS data. The Summary screen has been renamed System Status and appears in the left menu. 2.6 Web Reputation Enhancement ===================================================================== The Web Reputation filter has been enhanced to enable detection of URLs that have not been rated by Trend Micro. This functionality helps increase protection against advanced threats that leverage short-lived malicious websites. 2.7 Enhanced Smart Protection ===================================================================== IMSS supports both Trend Micro Smart Protection Network and Smart Protection Server as smart protection sources. Smart Protection Servers are supported to localize smart protection services to the corporate network to reduce outbound traffic and optimize efficiency. 2.8 Social Engineering Attack Protection ===================================================================== Social Engineering Attack Protection detects suspicious behaviors related to social engineering attacks in email messages. When Social Engineering Attack Protection is enabled, the Trend Micro Antispam Engine scans for suspicious behaviors in several parts of each email transmission, including the email header, subject line, body, attachments, and the SMTP protocol information. If the Antispam Engine detects behaviors associated with social engineering attacks, the Antispam Engine returns details about the message to IMSS for further action, policy enforcement, or reporting. 2.9 Known Host Support ===================================================================== Known hosts include trusted mail transfer agents (MTAs) and the Cloud Pre-Filter that are deployed before IMSS on your network. IMSS enables you to specify known hosts to exempt them from Sender Filtering and graymail scanning. 2.10 Graymail ===================================================================== Graymail refers to solicited bulk email messages that are not spam. IMSS manages graymail separately from common spam to allow administrators to identify graymail messages. IP addresses specified in the graymail exception list bypass scanning. 2.11 Multiple LDAP Servers ===================================================================== IMSS supports using more than one LDAP server and has support for more LDAP server types. 2.12 Advanced Anti-malware Protection ===================================================================== The Advanced Threat Scan Engine (ATSE) uses a combination of pattern-based scanning and aggressive heuristic scanning to detect document exploits and other threats used in targeted attacks. 2.13 Time-of-Click Protection ===================================================================== IMSS provides time-of-click protection against malicious URLs in email messages. If you enable Time-of-Click Protection, IMSS rewrites URLs in email messages for further analysis. Trend Micro analyzes those URLs at the time of click and will block them if they are malicious. 2.14 Connected Threat Defense ===================================================================== Configure IMSS to subscribe to the suspicious object lists on the Trend Micro Control Manager server. Using the Control Manager console, you can specify customized actions for objects detected by the suspicious object lists to provide custom defense against threats identified by endpoints protected by Trend Micro products specific to your environment. Control Manager facilitates the investigation of targeted attacks and advanced threats using suspicious objects. Files and URLs that have the potential to expose systems to danger or loss will be detected. 2.15 Report Delivery Through Email ===================================================================== IMSS allows you to send newly generated reports and archived reports through email. Detailed views of reports will be included. 2.16 EUQ Distribution List Management ===================================================================== The web-based EUQ service allows end users to manage the spam quarantine of distribution lists that they belong to. 2.17 LDAPS Support ===================================================================== IMSS supports LDAP over SSL (LDAPS) that provides users a secure and encrypted channel to communicate with LDAP servers. 2.18 Command & Control (C&C) Contact Alert Services ===================================================================== Command & Control (C&C) Contact Alert Services provides IMSS with enhanced detection and alert capabilities to mitigate the damage caused by advanced persistent threats and targeted attacks. 2.19 EUQ Digest Inline Action Links ===================================================================== IMSS enables users to apply actions to quarantined messages through links in the EUQ digest. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Administrator's Guide -- Product overview, and configuration instructions, and basic information to get you "up and running." o Installation Guide -- Deployment, installation, and integration information designed to help you install and upgrade IMSS. o Electronic versions of the printed manuals are available at: http://docs.trendmicro.com/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o Knowledge Base -- A searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Recommendations ======================================================================== Recommended System Requirements --------------------------------------------------------------------- The recommended requirements for installing IMSS are: - 8-core Intel(TM) Xeon(TM) processor or equivalent - 8 GB RAM - 2 GB swap space - At least 250 GB hard disk space Minimum System Requirements --------------------------------------------------------------------- The minimum requirements for installing IMSS are: - Dual-core Intel(TM) Xeon(TM) processor or equivalent - 4 GB RAM - 2 GB swap space - At least 80 GB hard disk space At least 500 MB of free disk space is required for installation. However, more disk space might be needed depending on message volume and certain IMSS settings. --------------------------------------------------------------------- The following is the recommended setup based on 500,000 email messages a day, a 50% quarantine rate, and one-month log preservation: - 10 GB disk space for mail storage - 50 GB or more disk space for the Admin database (By default, the Admin database is in the "/var/imss" folder) - 20 GB or more disk space for the EUQ database (By default, the EUQ database is in the "/var/imss" folder) - 40 GB or more disk space for the working queue folder (By default, the working queue folder is in the "/opt/trend/imss/queue/" folder) Browser - Microsoft Internet Explorer(TM) 10, 11 or Edge 15063 - Firefox 53 PostgreSQL: 9.6.3 LDAP Server - Microsoft Active Directory 2012 R2, 2016 - IBM Lotus Domino 8.5, 9.0 - Sun One LDAP 5.2 or above - OpenLDAP 2.4.44 Mail Transfer Agent (MTA): - Postfix 2.6 or above - Sendmail 8.14 or above Linux libraries: - Red Hat 6 (64-bit): bind-utils; lsof; wget; perl;fontconfig.i686; cyrus-sasl-gssapi.i686; cyrus-sasl-md5.i686; glibc.i686 - Red Hat 6 (32-bit): cyrus-sasl-md5.i686; glibc.i686 - Red Hat 7.0-7.2: nss-softokn; net-tools; bind-utils; lsof; wget; perl; fontconfig.i686; cyrus-sasl-gssapi.i686; cyrus-sasl-md5.i686; glibc.i686 - Red Hat 7.3: nss-softokn; lsof; wget; perl; fontconfig.i686; cyrus-sasl-gssapi.i686; cyrus-sasl-md5.i686; glibc.i686 Trend Micro Control Manager(TM) - Version 6.0 Service Pack 3 Patch 3 Hotfix 3611 Trend Micro Deep Discovery Analyzer - Version 5.8 4.1 Supported Distributions ===================================================================== The following Linux distributions are supported in this release: - Red Hat Enterprise Linux 6 Servers (6.0, 6.1, 6.2, 6.3, 6.4, 6.6, 6.7, 6.8, 6.9) - Red Hat Enterprise Linux 7 Servers (7.0, 7.1, 7.2, 7.3) 5. Installation/Uninstallation ======================================================================== 5.1 Installation ===================================================================== For installation instructions, see the IMSS 9.1 Installation Guide. For path names, IMSS supports only US-ASCII characters. After installation, by default, the IMSS server is not an Open Relay. IMSS for Linux does not contain the Postfix installation package. Use the Postfix version that comes with the operating system. If you activate Spam Prevention Solution (SPS), SPS scanning will be enabled by default. Activating SPS also activates Sender Filtering. You can enable or disable Sender Filtering at a later time from the management console. 5.2 Uninstallation ===================================================================== To uninstall IMSS 9.1, see the Installation Guide for details. 6. Post-Installation Configuration ======================================================================== After successfully installing IMSS, Trend Micro recommends performing the following post-installation configuration tasks: 1. Register and activate IMSS. 2. Configure user accounts. 3. Download the latest components to enhance security protection. 4. Configure policies and policy notifications. For detailed information about performing these tasks, see the Administrator's Guide. Note: Connection to Cloud Pre-Filter requires port 9000 to be open. If the proxy is specified on the IMSS management console, the proxy server requires port 9000 to be open. 7. Known Issues ======================================================================== The following describes known issues in this release: 7.1 IMSS attempts to convert characters to UTF8 when the subject line of an email message has no character set information, uses special characters (such as the copyright symbol), or uses double-byte characters. If the conversion to UTF8 is not successful: - The logs contain garbled characters. - IMSS quarantines the email message, and the subject field displays the message "Unsupported charset non-UTF-8" if you attempt to view the message on the management console. 7.2 To view the management console using Internet Explorer, users must first perform the following: a. Go to "Tools > Internet Options > Security > Trusted Sites > Sites". b. Add the IP address of the computer on which IMSS is installed. c. Click "Close". 7.3 To prevent IMSS from scanning messages, you can create a new rule to hand off the messages you do not want to scan. However, IMSS may still trap these messages if they trigger email scanning exceptions. This is because the mail scanning exception has a higher priority than spam filters and content filters. 7.4 IMSS cannot be installed on SeLinux (Security-Enhanced Linux) on Red Hat. 7.5 IMSS cannot be installed on Red Hat if the virtualization technology is enabled. 7.6 When installing the database for IMSS, do not use double-byte characters when specifying the database password. IMSS cannot connect to the database if double-byte characters are used in the password. 7.7 If time settings (including time zones) are not synchronized across IMSS servers, certain functions (such as log purge and End User Quarantine logon with Kerberos) may not work as expected. 7.8 IMSS detects Command & Control (C&C) email messages based on addresses only in the message header. 7.9 If the time zone setting on the IMSS server is different from that on the database server, policy event logs cannot be queried. 7.10 IMSS rewrites URLs in email messages to provide time-of-click protection. If the email messages contain both URLs and Chinese characters in plain text, IMSS extracts incorrect URLs and rewrites them improperly. 7.11 Each registered Activation Code matches a unique key. If an Activation Code has been registered to the Time-of-Click Protection service, it cannot be changed to another registered Activation Code because the matching key cannot change. 7.12 IMSS rewrites URLs in email messages to provide time-of-click protection. If users forward or reply to those email messages after the URLs have been rewritten, IMSS will check the URLs again. In this case, IMSS is unable to extract the rewritten URLs from plain text, and a return error is recorded in message tracking logs. This error does not affect users. 7.13 If certain policy event logs are not imported to the database before upgrade, it will be lost after the upgrade to IMSS 9.1. 7.14 If an email message is sent to two mailboxes of the same user, the message will be removed from both mailboxes once you delete it on the EUQ console or using the inline action. 7.15 If you add an LDAP server with LDAPS and Kerbose both enabled, the Cloud Pre-Filter recipient check will not work. If you add multiple LDAP servers with LDAPS and Kerbose both enabled, the Cloud Pre-Filter recipient check and LDAP synchronization may not work properly. 8. Release History ======================================================================== - IMSS for Linux 7.0, February 2007 - IMSS for Linux 7.0 Service Pack 1, October 2007 - IMSS for Linux 7.1, June 2009 - IMSS for Linux 7.1 Service Pack 1, October 2013 - IMSS for Linux 7.1 Service Pack 2, July 2014 See the following website for more information about updates to this product: http://docs.trendmicro.com/ 9. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of some Trend Micro products can be downloaded from our website. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 10. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2017£¬ Trend Micro Incorporated. All Rights Reserved. Trend Micro, the t-ball logo, Smart Protection Network, InterScan, Data Loss Prevention, and Control Manager are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 11. License Agreements ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://www.trendmicro.com/en/purchase/license/ Third-party licensing agreements can be viewed by: - Selecting the "About" option on the management console