<<<>>> Trend Micro, Inc. November 10, 2014 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Web Security Virtual Appliance 6.5 Critical Patch - Build 1220 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents =================================================================== 1. Overview of this Critical Patch Release 1.1 Files Included in this Release 2. Documentation Set 3. System Requirements 4. Installation/Uninstallation 4.1 Installation 4.2 Uninstallation 5. Post-installation Configuration 6. Known Issues 7. Release History 7.1 Prior Hot Fixes 8. Contact Information 9. About Trend Micro 10. License Agreement =================================================================== 1. Overview of this Critical Patch Release ====================================================================== This critical patch resolves the following issue: Issue: An issue in the log processing function of InterScan Web Security Virtual Appliance (IWSVA) 6.5 may slow down its performance while it scans network traffic. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This critical patch resolves the issue to ensure that IWSVA scans network traffic normally. 1.1 Files Included in this Release =================================================================== A. Files for Current Issue ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- libdaemon.so 1220 svcmonitor 1220 isdelvd 1220 Files for Issue ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- client.py 1220 iwss_log_converter.py 1220 logagent.sh 1220 DB.py 1220 main_pre.py 1220 PyInterface.so 1220 stats_parse.py 1220 statser.py 1220 LDAP_query_handler.py 1220 report.py 1220 logservice.sh 1220 solr_ctl.sh 1220 supervisord-solr.conf 1220 supervisord-solr_deepedge.conf 1220 mergeSQL.py 1220 S99ISCommonLog 1220 crontab.iscan 1220 tomcatctl.sh 1220 B. Files for Previous Solutions ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- libdaemon.so 1203 svcmonitor 1203 isdelvd 1203 appd 1203 urlf_section_policy_rule.jsp 1203 IWSSPIScanVsapi.so 1203 IWSSPIScanVsapi.so 1204 IWSSGui.jar 1207 replication_config.jsp 1207 central_log.jsp 1207 libiwsslog.so 1208 dtasagent 1211 libicap.so 1212 tzdata-2014h-1 1212 tzupdater.jar 1212 2. Documentation Set ====================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Readme.txt - basic installation, known issues, release history and contact information o Electronic versions of the printed manuals are available at: http://www.trendmicro.com/download 3. System Requirements ====================================================================== There are no additional requirements for installing this critical patch. 4. Installation/Uninstallation ====================================================================== 4.1 Installation =================================================================== To install this critical patch: 1. Download the "iwsva_65_ar64_en_criticalpatch_b1220.tgz" critical patch file to your local hard disk. 2. Log on to the IWSVA admin console GUI. 3. Go to the "Administration > System Updates" page. 4. Click "Browse". 5. Browse your local hard disk for the "iwsva_65_ar64_en_criticalpatch_b1220.tgz" critical patch file and click "Open". 6. Click "Upload". Your browser uploads the critical patch file to IWSVA which validates if the file is a legitimate critical patch. 7. Click "Install" to apply the critical patch and update IWSVA to build 1220. The HTTP and FTP services in IWSVA restart automatically. NOTE: Applying this critical patch interrupts the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 8. Clear the browser cache. 4.2 Uninstallation =================================================================== To uninstall the critical patch: 1. Log on to the IWSVA admin console GUI. 2. Go to the "Administration > System Updates" page. 3. Click "Uninstall" next to "cpb1220" and verify the critical patch ID and description in the confirmation page that appears. 4. Click "Uninstall" to remove Critical Patch 1220 and rollback IWSVA to the previous build. The HTTP and FTP services in IWSVA restart automatically. NOTE: Removing this critical patch interrupts the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 5. Post-installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing this critical patch. 6. Known Issues ====================================================================== There are no known issues for this critical patch. 7. Release History ====================================================================== See the following web site for more information about updates to this product: http://www.trendmicro.com/download/product.asp?productid=86 7.1 Prior Hot Fixes =================================================================== Note: Only the new hot fix was tested for this release. Prior hot fixes were tested at the time of their release. Critical Patch 1203 Issue 1: Sometimes, the recycle task of the application control daemon of IWSVA 6.5 may trigger a deadlock issue which causes the daemon to stop unexpectedly and interrupts network traffic. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This critical patch changes the start sequence of the application control daemon to prevent the dead lock issue. Issue 2: [Hot Fix 1203] (TT-302360) Administrators cannot set an action for the "New Domain" URL category. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This critical patch enables administrators to set an action for the "New Domain" URL category by adding the category to the "Internet Security" group on the "URL Filtering Policy" page. Hot Fix 1204 Issue: [Hot Fix 1204] (TT-303186) Sometimes, IWSVA 6.5 cannot recognize some executable file types correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix enables IWSVA 6.5 to correctly recognize executable file types. Hot Fix 1207 Issue 1: [Hot Fix 1207] (TT-304924) Sometimes, users cannot add multiple domains in IWSVA 6.5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hot fix ensures that users can add multiple domains in IWSVA 6.5. Issue 2: [Hot Fix 1207] (TT-302466) During daylight saving time, the replication time on the "Replication Configuration" page of the IWSVA 6.5 console is one hour behind the system time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hot fix ensures that IWSVA 6.5 displays the correct replication time on the "Replication Configuration" page. Issue 3: [Hot Fix 1207] (TT-304858) The "Central Log/Report" and "Replication Configuration" pages of the IWSVA 6.5 console does not accept valid account passwords that contain some special characters. This happens because these pages do not use the same password validation mechanism used in the "Account Administration" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hot fix enables all three pages to use the same password validation mechanism so that valid passwords work on all three pages. Hot Fix 1208 Issue: [Hot Fix 1208] (TT-305167) If a file is in use, IWSVA locks the file globally and no other process can use this file until the global lock is released. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix replaces the global file lock with local mutex to ensure other processes are not blocked in IWSVA 6.5. Hot Fix 1211 Issue: [Hot Fix 1211] (TT-303208) Sometimes, the IWSVA agent for the Trend Micro Deep Discovery Advisor (DDA) server stops unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix prevents the IWSVA agent for the DDA server from stopping unexpectedly. Hot Fix 1212 Issue 1: [Hot Fix 1212] (TT-306731) In ICAP mode, when an ICAP message contains the "X-Authenticated-User" header but does not contain any "X-Authenticated-Groups" header, IWSVA 6.5 will attempt to query the group information from the LDAP server. If it cannot retrieve the information, IWSVA automatically uses the IP address information as the User ID. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hot fix enables IWSVA 6.5 to use the user name extracted from the "X-Authenticated-User" header as the User ID when it cannot retrieve the group information under the scenario described above. Issue 2: The Russian time zone setting in IMSVA 6.5 does not support Daylight Saving Time (DST) which will take effect starting on October 26, 2014. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hot fix upgrades the Russian time zone setting in IWSVA 6.5 to enable it to support DST. 8. Contact Information ====================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro by fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 9. About Trend Micro ====================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2014, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Network, and InterScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 10. License Agreement ====================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide