<<<>>> Trend Micro Incorporated June 15, 2016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ScanMail(TM) for IBM(TM) Domino(TM) for Microsoft(TM) Windows(TM) 5.6 32-bit Patch 2 - Build 4716 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/Service Pack release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About ScanMail for IBM Domino for Windows 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-installation Configuration 7. Known Issues 8. Release History 8.1 Patch 1 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About ScanMail for IBM Domino for Windows ====================================================================== ScanMail for IBM Domino for Windows works in real time to prevent viruses, malicious code, and unwanted content from entering your Domino environment through mail, replication, or infected documents. 1.1 Overview of this Release =================================================================== This patch consolidates all previous hotfix releases of ScanMail for IBM Domino for Windows 5.6 32-bit. 1.2 Who Should Install this Release =================================================================== Install this release if you are running ScanMail for IBM Domino for Windows 5.6 32-bit version. 2. What's New ====================================================================== Note: Please install the patch before completing any procedures in this section (see "Installation"). This patch addresses the following issues and includes the following enhancements: 2.1 Enhancements =================================================================== The following enhancements are included in this release: no TT SMID5.6 Win EN 4643 Enhancement 1: [Hotfix 4643] Web Reputation Service - This patch enables the Web Reputation Service (WRS) to support the "Ransomware" category. This ensures that ScanMail for IBM Domino for Windows 5.6 can detect hyperlinks that contain ransomware and to record these information in the log database. no TT SMID5.6 Win EN 4659 Enhancement 2: [Hotfix 4659] Advance Threat Scan Engine - This patch enables ScanMail for Domino for Windows 5.6 to support the following new features of the Advanced Threat Scan Engine (ATSE): - "HEUR_HAS_MACR" rule (ATSE 9.740.1102 and higher builds) - aggressive rules level (ATSE 9.750.1016 and higher builds) Procedure 2: To enable the "HEUR_HAS_MACR" rule: a. Install this patch (see "Installation"). b. Update the ATSE engine to version 9.826.1149 or any higher version. c. Open "notes.ini" using a text editor. d. Add the "SMD_ATSE_HEUR_HAS_MACR_ENABLED" hidden key to "notes.ini" and set its value to "1". Note: To disable the "HEUR_HAS_MACR" rule, set the value to "0". e. Save the changes and close "notes.ini". f. Restart SMDreal. To configure aggressive rules level: a. Install this patch (see "Installation). b. Update the ATSE engine to version 9.826.1149 or any higher version. c. Open "notes.ini" using a text editor. d. Add the "SMD_ATSE_RULE_LEVEL" hidden key to "notes.ini" and set its value to the preferred level between 0 and 4. Note: If "SMD_ATSE_RULE_LEVEL" is not configured or is set to "0", the aggressive rules level is set to "4" by default. e. Save the changes and close "notes.ini". f. Restart SMDreal. SBM333491 SMID5.6 Win EN 4666 Enhancement 3: [Hotfix 4666] Scan Settings - This patch allows users to enable the following two options under the "Default Mail Scan > Scan Options > APT Prevention Filter > Scan Settings > Select attachments to scan" setting, simultaneously: - Suspicious files detected by Advanced Threat Scan Engine - Files with specified type SBM333491 SMID5.6 Win EN 4666 Enhancement 4: [Hotfix 4666] Trend Micro Deep Discovery Analyzer - This patch enables ScanMail for Domino for Windows 5.6 to support Deep Discovery Analyzer 5.5 servers. SBM346374 SMID5.6 Win EN 4705 Enhancement 5: [Hotfix 4705] Security Logs - This patch adds the following information in security logs that ScanMail for IBM Domino sends to Trend Micro Control Manager(TM). Attribute ID: SLF_CategoryIDList Data Type: X_WSTRING Value: Category/categories returned by the TMUFE query each category is separated by a comma "," Maximum Length: 64 characters no TT no Hotfix Enhancement 6: Deep Discovery Advisor - This patch adds the following settings in the Deep Discovery Advisor Settings for communicating with the Deep Discovery Advisor server. - Maximum wait time for analysis ratings - Action on unanalyzed risks 2.2 Resolved Known Issues =================================================================== This patch resolves the following issues: SBM333528 SMID5.6 windows HFB4663 Issue 1: ScanMail for IBM Domino may stop unexpectedly while scanning password-protected compressed file attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 4663] This patch upgrades the eManager engine to ensure that ScanMail for IBM Domino can scan password-protected compressed file attachments. SBM328665 SMID5.6 windows HFB4673 Issue 2: An email message may be delivered to a restricted group that the email sender cannot access. This may happen because ScanMail for IBM Domino for Windows needs to expand restricted groups and display its members before it can match rules correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 4673] This patch resolves the issue by enabling ScanMail for IBM Domino for Windows to skip restricted groups and match rules for unrestricted groups only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To this error-handling mechanism: a. Install this patch (see "Installation"). b. Add the "SMDFilterUnexpandedGroup" hidden key to the "notes.ini" file and set its value to "1". c. Restart SMDreal. SBM335869 SMID5.6 windows HFB4678 Issue 3: ScanMail for IBM Domino for Windows cannot detect configuration changes in the smlists database automatically. As a result, users need to reload the smdreal process to update the configuration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 4678] This patch enables ScanMail for IBM Domino for Windows to update the smlists database configuration automatically. SBM335736 ISD5.6 windows HFB4679 Issue 4: An issue prevents ScanMail for IBM Domino for Windows from matching sender email addresses with the addresses in the approved and blocked senders lists of the anti-spam scanner correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 4679] This patch improves the way ScanMail for IBM Domino for Windows extracts the sender information from email messages to help ensure that it can match the information to the approved and blocked senders lists. SBM318392 no Hotfix Issue 5: The OpenSSL version used in ScanMail for IBM Domino is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix updates the MCP AgentSDK to resolve the vulnerability. SBM335056 no Hotfix Issue 6: ScanMail for IBM Domino for Windows will attempt to convert native encoding to UTF-8 if the attachment identification function of the eManager module encounters UTF-8 without BOM encoding. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix updates the extract encoding method to enable ScanMail for IBM Domino for Windows to skip the information and pass it to the engine for processing. 3. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this readme.txt, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ScanMail for IBM Domino for Windows. To access the Online Help, go to http://docs.trendmicro.com - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ScanMail for IBM Domino for Windows. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ====================================================================== Trend Micro recommends installing the 32-bit version of ScanMail for IBM Domino for Windows 5.6 Service Pack 1 Build 4594 before installing this Patch. 5. Installation ====================================================================== This section explains key steps for installing. Refer to the "Administrator's Guide" for detailed information. 5.1 Installing =================================================================== To install: 1. Log on to the IBM Domino server as an "Administrator". 2. Close all active IBM Notes clients and account sessions. If no IBM Notes clients are open at this time, proceed to the next step. 3. Clear the password for the Domino console. If the Domino console is not password-protected, proceed to the next step. 4. Copy the "smid_56_win32_en_sp1_patch2.exe" file to a local folder on the ScanMail for IBM Domino for Windows server. 5. Double-click "smid_56_win32_en_sp1_patch2.exe". ScanMail for IBM Domino for Windows displays a message confirming that the patch installation was successful. 6. Click "Finish". The "SMID: Build 5.6.1.4716" message appears on the Domino console after the system completes the installation. 5.2 Uninstalling =================================================================== To roll back to the previous build: 1. Log on to the IBM Domino server as an "Administrator". 2. Close all active IBM Notes clients and account sessions. If no IBM Notes clients are open at this time, proceed to the next step. 3. Browse to the backup folder in ScanMail for IBM Domino for Windows installation folder. For example, "c:\Program Files\ Trend Micro\ScanMail for Domino\Hotfix\B4716". 4. Run "uninstall.bat". 5. Click "Finish". 6. Post-installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ====================================================================== There are no known issues for this patch release. 8. Release History ====================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 8.1 Patch 1 =================================================================== 8.1.1 Enhancements =================================================================== The following enhancements are included in Patch 1: SBM318429 no hot fix Enhancement 1: Trend Micro Data Loss Prevention(TM) Template - The Data Loss Prevention (DLP) template has been updated to add the "My number" template. no TT no hot fix Enhancement 2: APT Prevention Filter - Some information in the "Scan Option > APT Prevention Filter" has been updated to provide a more accurate description, from "Detected by Advanced Threat Scan engine" to "Suspicious files detected by Advanced Threat Scan engine". no TT no hot fix Enhancement 3: Web Reputation Service - WRS now supports the "Ransomware" category. This ensures that ScanMail for IBM Domino for Windows 5.6 can detect hyperlinks that contain ransomware and to record these information in the log database. 8.1.2 Resolved Known Issues =================================================================== Patch 1 resolves the following issues: SBM322196 ISD5.6 Win JP 4609 ISSUE1 Issue 1: When ScanMail for IBM Domino for Windows 5.6 detects a virus in a compressed file, it still takes action on the compressed file even after it has successfully cleaned the virus from the file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 4609] ScanMail for IBM Domino for Windows 5.6 no longer takes action on a compressed file if it has successfully cleaned the virus from the file. SBM322166 SMID5.6 Win EN 4599 ISSUE1 Issue 2: The ScanMail for IBM Domino for Windows 5.6 attachment filter cannot filter attachments by extension names if it cannot retrieve the true file type of these attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 4599] The ScanMail for IBM Domino for Windows 5.6 attachment filter now filters attachments by extension names even if it cannot retrieve the true file type of the attachments. SBM322152,324890,324797,322236 SMID5.6 Win EN no hotfix yet ISSUE1 Issue 3: When ScanMail for IBM Domino for Windows 5.6 scans an email message and the sender information is in the wrong format, for example "><..." or "...>", the SMDreal process stops unexpectedly and triggers the Domino server to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: ScanMail for IBM Domino for Windows 5.6 can now handle these messages properly. no TT internal review Issue 4: When both the "Security Risk Scan > Selected files" and the "APT Prevention Filter > File with specified types" options are selected, ScanMail for IBM Domino for Windows 5.6 cannot send messages to Deep Discovery Advisor for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: ScanMail for IBM Domino for Windows 5.6 can now successfully send messages to Deep Discovery Advisor for analysis under the scenario described above. no TT internal review Issue 5: When the "APT Prevention Filter > File with specified types > Executables and applications" option is selected, ScanMail for IBM Domino for Windows 5.6 does not take action on an ordinary x64 EXE/DLL file because it does not recognize that this type of file is under the "Executables and applications" category. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: ScanMail for IBM Domino for Windows 5.6 now correctly recognizes x64 EXE/DLL files. SBM322152 SMID5.6 Win EN 4627 ISSUE1 Issue 6: The Deep Discovery Analyzer server does not accept certain samples of email messages from ScanMail for IBM Domino for Windows 5.6. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 4627] When ScanMail for IBM Domino for Windows 5.6 sends email message samples to Deep Discovery Analyzer for analysis, the samples are now encoded in UTF-8 or are URL-encoded. SBM317031 SMID5.6 Win JP no hotfix yet ISSUE1 Issue 7: The End User Quarantine (EUQ) function does not work when "Cluster Trusting" is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: The EUQ function now runs normally when "Cluster Trusting" is enabled. no TT internal review Issue 8: When users select one engine and one pattern file for update through the console, and the engine file is already up-to-date while the pattern file is not, ScanMail for IBM Domino for Windows 5.6 cannot save the latest pattern files in the "smdtemp/au/pattern" folder. If this happens, ScanMail cannot perform an incremental pattern update on the next pattern update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: ScanMail for IBM Domino for Windows 5.6 can now successfully save the latest pattern files in the "smdtemp/au/pattern" folder. no TT internal review Issue 9: ScanMail for IBM Domino for Windows 5.6 cannot send outbound messages that trigger rules to Deep Discovery Advisor for analysis if these messages do not contain any sender information or if ScanMail cannot retrieve the sender information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: ScanMail for IBM Domino for Windows 5.6 can now send these messages to Deep Discovery Advisor for analysis. no TT internal review Issue 10: When the "SMD_UPD_START_NEW_SCANNER" setting is configured in "notes.ini", all SMDreal processes restart when an engine or pattern is deployed. However, an issue prevents ScanMail from properly calculating the total number of SMDreal processes, as a result, the total number of running SMDreal processes increases significantly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: The total number of running SMDreal processes is now calculated correctly. SBM329927 SMID5.6 Win EN no hotfix yet ISSUE1 Issue 11: The ScanMail for IBM Domino DLP filter may generate a false positive when it scans a Microsoft(TM) Excel(TM) file and is triggered by the combined contents of adjacent cells. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: Users can now allow only the contents of a single cell to trigger the DLP filter. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 11: To enable this solution: a. Open "notes.ini" using a text editor. b. Add the "SMD_ENABLE_STRICT_ENTITY_MATCH" hidden key to "notes.ini" and set its value to "1". Note: To revert to the old behavior, set the value to "0". c. Save the changes and close "notes.ini". d. Restart SMDreal. SBM327477 ISD5.6 Win JP 4644 ISSUE1 Issue 12: ScanMail for IBM Domino for Windows 5.6 may stop unexpectedly while the attachment filter scans a compressed file that contains files with long path names. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [Hotfix 4644] ScanMail for IBM Domino for Windows 5.6 can now scan this type of compressed files. 9. Files Included in this Release ====================================================================== Filename Build No. ------------------------------------------------------------------- nSMDreal.dll 5.6.1.4716 nSMDdbs.dll 5.6.1.4716 nSMDDTAS.dll 5.6.1.4716 nSMDemf.dll 5.6.1.4716 nSMDext.dll 5.6.1.4716 ProductLib.dll 5.6.1.4716 nSMDmon.dll 5.6.1.4716 nSMDupd.dll 5.6.1.4716 nSMDsch.dll 5.6.1.4716 nupdsmd.dll N/A smconf.ntf N/A smquar.ntf N/A smmsg.nsf N/A nupdsmd.dll N/A DLP template 3.1.1005 ------------------------------------------------------------------- PredefinedDLPPolicy.dat ------------------------------------------------------------------- eManager module 7.5.0.1223 ------------------------------------------------------------------- adj.dat adj.idx adv.dat adv.idx american-name.txt cme.conf cme_dll.dll cme_vxe_dll.dll data_dna.dll DlpEngine.dll em_expression.dll em_helpr.dll em_synonym.dll emDebug.dll etyv noun.dat noun.idx pthreadVC2.dll dten600.dll spanish-name.txt tmpe.pol tmpeEnum.xml verb.dat verb.idx MCP AgentSDK module 5.0.0.2173 ------------------------------------------------------------------- En_I18N.dll En_Utility.dll libapr-1.dll libcurl.dll libeay32.dll ssleay32.dll SSO_PKIHelper.dll TrendAprWrapperDll.dll zlib.dll 10. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro, ScanMail, Control Manager, eManager, Data Loss Prevention, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: http:/www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide