Trend Micro, Inc. September 11, 2015
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) ServerProtect(TM) for Linux(TM) 3.0
Service Pack 1 Patch 6 - Build 1455
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Note: This readme file was current as of the date above. However, all
customers are advised to check Trend Micro's web site for
documentation updates at:
http://docs.trendmicro.com/
Register online with Trend Micro within 30 days of installation
to continue downloading new pattern files and product updates
from the Trend Micro web site. Register during installation or
online at:
http://olr.trendmicro.com/
Contents
===================================================================
1. About ServerProtect for Linux
1.1 Overview of this Release
1.2 Who Should Install this Release
2. What's New
2.1 Enhancements
2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation/Uninstallation
5.1 Installation
5.2 Uninstallation
6. Post-installation Configuration
7. Known Issues
8. Release History
8.1 Patch 1
8.2 Patch 2
8.3 Patch 3
8.4 Patch 4
8.5 Patch 5
9. Files Included in this Release
10. Contact Information
11. About Trend Micro
12. License Agreement
===================================================================
1. About ServerProtect for Linux
========================================================================
ServerProtect for Linux provides comprehensive protection against
computer viruses/spyware, Trojans, worms, and other security risks
for file servers based on the Linux operating system. Managed
through an intuitive, portable web-based console or Linux command
line console, ServerProtect provides centralized virus scanning,
pattern updates, event reporting, and antivirus configuration.
Award:
Winner of SYS-CON Linux and Enterprise Open Source Readers' Choice
Award
Certification:
ServerProtect for Linux 3.0 fully supports Novell(R) OES2 and is
Novell YES certified for the following:
o 32-bit operating systems
(See http://developer.novell.com/yes/92344.htm)
o 64-bit operating systems
(See http://developer.novell.com/yes/92345.htm)
1.1 Overview of this Release
=====================================================================
Patch 6 resolves issues found in ServerProtect for Linux 3.0 after
the release of Service Pack 1 Patch 5.
Refer to the "What's New" section for enhancements implemented
in this release.
1.2 Who Should Install this Release
=====================================================================
You should install this patch release if you are currently running
any 32-bit ServerProtect for Linux 3.0 package released before
Patch 6.
You cannot install this Patch on the following platforms:
- Red Hat(TM) Enterprise Linux 7 or higher
- SUSE Linux Enterprise Server 12 or higher
- CentOS(TM) Linux 7 or higher
2. What's New
========================================================================
This release incorporates all previous hot fixes since the release
of ServerProtect for Linux 3.0.
Note: Please install this Patch before completing any procedures
in this section (see "Installation").
This Patch addresses the following issues and includes the following
enhancements:
2.1 New Enhancements
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 6 includes the
following enhancements:
Enhancement 1: Kernel Hooking Module Source Code - This Patch updates
the Kernel Hooking Module (KHM) source code to version
3.0.1.0013. Refer to the following web site for more
information about the latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Apache(TM) Server - This Patch updates the Apache
server to version 2.2.29, and the OpenSSL module
in the Apache server to version 1.0.1m.
Enhancement 3: Common Log Module - This Patch updates the Common Log
Module to version 1.1.1.1177 to support leap seconds.
Enhancement 4: World Virus Tracking Program - This Patch removes the
World Virus Tracking feature from ServerProtect for
Linux 3.0 because Trend Micro's World Virus
Tracking Center is no longer available. The following
configuration items in the tmsplx.xml file are out of
date:
Enhancement 5: TMNotify Module - This Patch upgrades the TMNotify
module to version 1.3.0.1075 to use a different OID to
send SNMP trap messages. The following mib file will be
added in ServerProtect for Linux:
"/opt/TrendMicro/SProtectLinux/SPLX.MIB"
Note: If the SNMP manager uses a version of the
mib file that is older than the one specified
above, you should replace the old version with
the file above.
Enhancement 6: License Deployment Feature - This Patch upgrades the
Trend Micro Control Manager(TM) Agent SDK to version
5.0.0.2165 to support license deployment from
Control Manager. You can now deploy a new Activation
Code or renew an existing Activation Code from
Control Manager.
Enhancement 7: Fixed Web UI Security Vulnerabilities - This Patch
fixes all the high and medium web console security
vulnerabilities found by Nessus, Acunetix Web
Vulnerability Scanner, and IBM Rational AppScan.
Enhancement 8: HTTP Redirect - HTTP is not a secure protocol. This
Patch enables ServerProtect to redirect HTTP requests
to HTTPS.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 8: To enable HTTP access:
a. Open the "splxhttpd.conf" file in the
"/opt/TrendMicro/SProtectLinux/SPLX.httpd/conf"
folder.
b. Comment out the following four lines:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#RewriteEngine on
#RewriteCond %{HTTPS} !=on
#RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [C]
#RewriteRule //(.*): https://$1:14943/ [R=301,L]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
c. Save the changes and close the file.
d. Restart the splxhttpd service using the following
command:
service splxhttpd restart
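Added example, not part of the original readme or of Trend Micro's tooling: a Python check that reports whether the four redirect directives from Procedure 8 are still active in the text of "splxhttpd.conf", so that hosts where plain HTTP access was re-enabled can be found. The function names and sample configuration text are constructed; the active form of the directives is assumed to be the listing above without the leading "#".

```python
"""Audit the text of splxhttpd.conf for the HTTP-to-HTTPS redirect (added example)."""

# The four directives listed in Procedure 8: (directive name, first argument).
REDIRECT_DIRECTIVES = [
    ("RewriteEngine", "on"),
    ("RewriteCond", "%{HTTPS}"),
    ("RewriteRule", "^(.*)$"),
    ("RewriteRule", "//(.*):"),
]


def _key(name, arg):
    # Apache directive names are case-insensitive; so is the on/off argument.
    name = name.lower()
    return (name, arg.lower() if name == "rewriteengine" else arg)


def active_rewrite_directives(conf_text):
    """Return the uncommented Rewrite* directives as normalized keys."""
    active = set()
    for raw in conf_text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or directive without an argument
        if parts[0].lower().startswith("rewrite"):
            active.add(_key(parts[0], parts[1]))
    return active


def redirect_status(conf_text):
    """Return (status, missing) where status is enforced, partial or disabled."""
    active = active_rewrite_directives(conf_text)
    missing = [d for d in REDIRECT_DIRECTIVES if _key(*d) not in active]
    if not missing:
        return "enforced", missing
    # mod_rewrite is off unless "RewriteEngine on" is active, so without it
    # the remaining rules are inert even if they are still uncommented.
    if ("RewriteEngine", "on") in missing:
        return "disabled", missing
    return "partial", missing


# Constructed sample configurations (not copied from a real installation).
SAMPLE_ACTIVE = """\
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [C]
RewriteRule //(.*): https://$1:14943/ [R=301,L]
"""
# State after Procedure 8: all four lines commented out.
SAMPLE_PROCEDURE_8 = "\n".join("#" + line for line in SAMPLE_ACTIVE.splitlines())
# Only the engine switch commented out: the rules remain but do nothing.
SAMPLE_ENGINE_ONLY = SAMPLE_ACTIVE.replace("RewriteEngine on", "#RewriteEngine on")
# Only the final rule commented out: the redirect chain is incomplete.
SAMPLE_LAST_RULE = SAMPLE_ACTIVE.replace("RewriteRule //", "#RewriteRule //")

if __name__ == "__main__":
    for label, text in [
        ("patch default", SAMPLE_ACTIVE),
        ("procedure 8 applied", SAMPLE_PROCEDURE_8),
        ("engine commented only", SAMPLE_ENGINE_ONLY),
        ("last rule commented", SAMPLE_LAST_RULE),
    ]:
        status, missing = redirect_status(text)
        print(f"{label}: {status}; missing={missing}")
```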
2.2 Resolved Known Issues
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 6 resolves the
following issues:
Issue 1: The Java(TM) applet component of ServerProtect for
Linux 3.0 is blocked after users update the Java Runtime
Environment (JRE) module to 7u51.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Critical Patch 1403] This critical patch resolves this issue by
rebuilding the Java applet component of
ServerProtect for Linux 3.0 according to
Oracle's notes on the following web site:
https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias
Issue 2: On some platform versions of Linux, the ActiveUpdate
module may not be able to merge pattern files or may
stop unexpectedly during an update while using up a
large amount of the CPU resources.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hot Fix AU 2.85 1086] This hot fix changes a memory management
function in RTPatch ("libpatch.so") to ensure
that ActiveUpdate can merge pattern files and
perform updates successfully.
Issue 3: ServerProtect for Linux 3.0 may not be able to send the
correct operating system language information to
Control Manager when it is installed on the Red Hat 6 or
CentOS 6 platform.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hot Fix 1421] This hot fix ensures that ServerProtect for Linux 3.0
always sends the correct operating system information
to Control Manager.
Issue 4: Sometimes, the "Some errors were found while stopping
splx kernel module." message appears while ServerProtect
for Linux 3.0 closes because the ServerProtect script
does not wait long enough for the kernel module to
finish unloading.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Hot Fix 1425] This hot fix enables the ServerProtect script to give
the kernel module more time to unload while
ServerProtect for Linux 3.0 closes. This can help
prevent the error message from appearing.
Issue 5: ServerProtect for Linux 3.0 converts file names in virus
logs to "UCS-4" before sending these logs to
Control Manager. Sometimes, ServerProtect for Linux
3.0 encounters an exception error while converting file
names that are not in "UTF-8" format which can trigger
the process "entity" to stop unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5:
[Hot Fix 1428] This hot fix enables ServerProtect for Linux 3.0 to
catch the exception, then convert the file name to
"ASCII" and replace non-ASCII characters with question
marks. ServerProtect for Linux 3.0 then converts the
"ASCII" file name to "UCS-4".
Issue 6: Sometimes, ServerProtect for Linux 3.0 cannot open a
file during a manual scan or scheduled scan. This
triggers an error that can cause the scan to take an
unusually long time to complete.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6:
[Hot Fix 1431] This hot fix enables ServerProtect for Linux 3.0 to
correctly handle the error so that a manual or
scheduled scan runs normally when ServerProtect for
Linux 3.0 cannot open a file during the scan.
Issue 7: ServerProtect for Linux 3.0 does not accept public
IP addresses or public domain names but these appear as
examples on the SMTP settings page of the web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7:
[Hot Fix 1436] This hot fix deletes public IP addresses and public
domain names from the SMTP settings page.
Issue 8: Sometimes, ServerProtect for Linux stops unexpectedly
when ServerProtect for Linux tries to erase a cookie
or tries to get the string value from the configuration
file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: This Patch resolves this known issue.
Issue 9: Sometimes, logs may be deleted unexpectedly after users
change the log directory even when the logs are not
older than the number of days specified in MaxLogDay.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: This Patch ensures that ServerProtect for Linux only
deletes logs that are older than the number of days
specified in MaxLogDay.
Issue 10: Sometimes, if ServerProtect for Linux accesses
Control Manager through a secure protocol using a
proxy, it may not be able to connect to Control Manager
through Single Sign-On (SSO).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: This Patch ensures that ServerProtect for
Linux can connect to Control Manager through SSO under
the scenario above.
Issue 11: Sometimes, if the permission for the
SSO_PKI_PublicKey.pem file generated by ServerProtect
for Linux is incorrect, it may not be able to connect
to Control Manager through SSO.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: This Patch ensures that ServerProtect for
Linux can connect to Control Manager through SSO under
the scenario above.
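Added example for Issue 5 in this section, not Trend Micro's code: a Python version of the conversion order that Solution 5 describes (strict UTF-8 first, then the ASCII fallback with question marks, then UCS-4). It assumes that each non-ASCII byte becomes one "?" and that UCS-4 is written little-endian without a byte-order mark; the function names and file names are constructed.

```python
"""File-name conversion for log records, following Solution 5 (added example)."""


def decode_strict(raw_name: bytes) -> str:
    """Pre-fix behaviour: any byte sequence that is not valid UTF-8 raises."""
    return raw_name.decode("utf-8")


def logged_name(raw_name: bytes) -> str:
    """File name as it appears in the log once the fallback is in place."""
    try:
        return decode_strict(raw_name)
    except UnicodeDecodeError:
        # Assumption: one "?" per non-ASCII byte; ASCII bytes are kept as-is.
        return "".join(chr(b) if b < 0x80 else "?" for b in raw_name)


def filename_to_ucs4(raw_name: bytes) -> bytes:
    """UCS-4 bytes for the log record (assumption: little-endian, no BOM)."""
    return logged_name(raw_name).encode("utf-32-le")


# Constructed file names as raw bytes, the form Linux stores them in.
SAMPLES = [
    "r\u00e9sum\u00e9.doc".encode("utf-8"),  # valid UTF-8, passes through
    b"r\xe9sum\xe9.doc",                     # ISO-8859-1 bytes, not valid UTF-8
    b"r\xe8sum\xe8.doc",                     # a different ISO-8859-1 name
    b"caf\xc3",                              # UTF-8 sequence cut off mid-character
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw, "->", logged_name(raw), len(filename_to_ucs4(raw)), "bytes")
```

Because the fallback is lossy, two different on-disk names can produce the same logged name, so the log entry alone may not identify the file.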
3. Documentation Set
========================================================================
In addition to this readme.txt, the documentation set for this
product includes the following:
o Getting Started Guide -- product overview, installation planning,
installation steps and basic information intended to help you
deploy ServerProtect for Linux smoothly.
o Administration Guide -- Provides post-installation instructions
on how to configure the settings to help you get ServerProtect for
Linux "up and running". Also includes instructions on performing
other administrative tasks for the day-to-day maintenance of
ServerProtect for Linux.
o Readme.txt files -- version enhancements, basic installation, known
issues, and release history.
o Electronic versions of the printed manuals are available at:
http://docs.trendmicro.com/
o Online help -- Context-sensitive help screens that provide guidance
for performing a task.
o TrendEdge is a program for Trend Micro employees, partners, and
other interested parties that provides information on unsupported,
innovative techniques, tools, and best practices for Trend Micro
products. The TrendEdge database contains numerous documents
covering a wide range of topics.
http://trendedge.trendmicro.com
o Knowledge Base -- a searchable database of known product issues,
including specific problem-solving and troubleshooting topics.
http://esupport.trendmicro.com
4. System Requirements
========================================================================
Install this patch only on computers running 32-bit ServerProtect for
Linux 3.0 or higher versions released before this Patch.
Note: Refer to the ServerProtect readme file for detailed system
requirements for installing the product.
5. Installation/Uninstallation
========================================================================
5.1 Installation
=====================================================================
This section explains key steps for installing the software. Refer to
the "Administrator's Guide" (AG) for detailed information.
To install this Patch:
1. If you have registered or are going to register ServerProtect for
Linux to Control Manager, make sure the latest Control Manager
patch has been applied.
2. Log on as a root user.
3. Copy "splx_30_lx_en_sp1_patch6.tar.gz" to a working directory such
as "/tmp/workdir".
4. Type the following commands:
# cd /tmp/workdir
# tar zxvf splx_30_lx_en_sp1_patch6.tar.gz
# chmod u+x splx_30_lx_en_sp1_patch6.bin
# ./splx_30_lx_en_sp1_patch6.bin
Notes:
- The last command stops the ServerProtect services before
installing this Patch.
- ServerProtect services automatically start after the system
completes the installation process.
5.2 Uninstallation
=====================================================================
To remove Patch 6 and roll back to the previous ServerProtect for
Linux build:
1. Run the following command:
# rpm -e splx-3.0-sp1-patch6
Note: As the configuration file, "tmsplx.xml", used by Patch 6
may not be compatible with the one used by the previous
ServerProtect for Linux release version, the configuration
file will be saved as "tmsplx.xml.p6.rpmsave" when you
uninstall this Patch. ServerProtect for Linux will use the
configuration file previously backed up when installing
this Patch.
2. Manually compare and synchronize the settings between the
backed-up configuration file and the configuration file used by
Patch 6 to apply the same custom settings to ServerProtect for
Linux.
Note: You can retrieve the ServerProtect for Linux 3.0 RPM
information from the "Version.ini" file in the
"/opt/TrendMicro/SProtectLinux/" information folder.
Refer to Section 7.1 for more information.
6. Post-installation Configuration
========================================================================
No post-installation steps are required.
Note: Trend Micro recommends that you update your scan engine and
virus pattern files immediately after installing the product.
7. Known Issues
========================================================================
7.1 Installation Issue
---------------------------------------------------------------------
Patch 6 must remove the previous ServerProtect for Linux 3.0
Patch RPM information from the RPM database to prevent
inconsistencies. But due to the limitation of RPM, the previous
ServerProtect for Linux 3.0 Patch information could not be
restored to the RPM database. Instead, it is stored in
"/opt/TrendMicro/SProtectLinux/Version.ini".
7.2 Unable to export logs in Microsoft(TM) Internet Explorer(TM) 9
when accessing the web console using the HTTPS protocol.
---------------------------------------------------------------------
To resolve this known issue:
1. On Internet Explorer 9, click the settings icon, or the
"Tools" menu, and then click "Internet Options".
2. On the "Advanced" tab, clear the "Do not save encrypted
pages to disk" option.
3. Click "OK" to save the settings.
7.3 On Internet Explorer, the progress bar animation does not work
while ServerProtect for Linux registers or unregisters from
Control Manager.
---------------------------------------------------------------------
To resolve this known issue:
1. On Internet Explorer, click the settings icon, or the
"Tools" menu, and then click "Internet Options".
2. On the "Advanced" tab, select the "Play animations in
webpages" option.
3. Click "OK" to save the settings.
4. Restart Internet Explorer and access the ServerProtect for
Linux web console again.
7.4 After users update the JRE module to 7u51 or any higher version,
a security notification appears when users access certain pages
of the ServerProtect for Linux web console.
---------------------------------------------------------------------
Users must accept the conditions on the security dialog box to
ensure that they can access the "Recipients", "Proxy Settings",
and "Control Manager Settings" pages without issues.
8. Release History
========================================================================
8.1 Patch 1
=====================================================================
8.1.1 Enhancements
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 1 provides the
following enhancements:
Enhancement 1: Internal HTTP Server - The internal HTTP server for
ServerProtect has been updated to resolve some
security issues.
Enhancement 2: KHM Source Code - The KHM source code in the latest
KHM packages has been updated.
Enhancement 3: Kernel Debug Log - A dynamic enabling feature has
been added to the kernel debug log.
8.1.2 Resolved Known Issues
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 1 resolves the
following issues:
Issue 1: ServerProtect for Linux does not send event logs to
Control Manager if only the engine or spyware pattern is
updated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Hot Fix 1222] ServerProtect for Linux now sends event logs to
Control Manager for engine or spyware pattern only
updates. This enables Control Manager to send out
email notifications for the status of the events, if
configured to do so.
Issue 2: When ServerProtect for Linux registers to Control Manager
using Fully Qualified Domain Name (FQDN), the
registration process may fail during the Linux system
startup if the network environment is not ready.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hot Fix 1224] ServerProtect for Linux now attempts to register
several times within a specified period of
time if the Control Manager registration fails.
Issue 3: When stopping ServerProtect for Linux services,
ServerProtect for Linux cannot terminate the scheduled
scanning process if the real-time scanning function is
not working.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hot Fix 1234] ServerProtect for Linux now stops the scheduled
scanning process normally when executing the
"/etc/init.d/splx stop" command to stop the
ServerProtect for Linux services.
Issue 4: Even when the pattern file or scan engine is updated
successfully, ServerProtect for Linux may generate a
system log "ActiveUpdate not completed" with the reason
"ActiveUpdate successfully downloaded the patch files.
Patch update is now in progress".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Hot Fix 1241] The "WaitingTime" parameter has been added in the
"ActiveUpdate" section of the "tmsplx.xml" file. The
default value for the "WaitingTime" parameter is
"60" seconds which is adequate for most applications.
Users can reconfigure this value as needed.
Issue 5: ServerProtect for Linux cannot register to
Control Manager if the domain information in
"/etc/resolv.conf" is too long.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5:
[Hot Fix 1246] Trend Micro has changed the way ServerProtect
retrieves the host machine domain name to resolve
the issue.
Issue 6: When ServerProtect for Linux performs an update and all
components are still up-to-date, the event log displays
incorrect information. This prompts Control Manager to
send an email notification stating "Update unsuccessful".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6:
[Hot Fix 1247] ServerProtect for Linux now records this update as a
successful update; Control Manager notes that there is
no update needed and does not send out an "Update
unsuccessful" notification.
Issue 7: ServerProtect for Linux does not send email notifications
when it detects a security risk by manual scan or
scheduled scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7:
[Hot Fix 1250] The "AlertInfectionFoundByMS" hidden key has been
added to the "tmsplx.xml" file. When enabled, this key
prompts ServerProtect for Linux to send email
notifications for a detected security risk after a
manual scan or scheduled scan.
Issue 8: The PR page displays a grace expiry date that is one
month earlier than the real grace expiry date.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: The PR page now displays the correct grace expiry date.
Issue 9: The "splxhttpd" service does not stop properly if the
process ID of a newly-created "splxhttpd" process is
higher than the one created before it. The same issue
affects the "entity" process.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: ServerProtect for Linux now uses a new method to stop
the "splxhttpd" and "entity" processes in the
"splxhttpd" and "splxcore" script. This enables
ServerProtect for Linux to stop the two processes
properly.
8.2 Patch 2
=====================================================================
8.2.1 Enhancements
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 2 provides the
following enhancements:
Enhancement 1: KHM Source Code - the KHM source code has been
updated. Refer to the following web site for more
information about the latest KHM source code:
http://www.trendmicro.com/download/kernel.asp?prodid=20
Enhancement 2: ServerProtect for Linux Web Console - The
ServerProtect for Linux web console now accepts square
brackets ("[" and "]").
Enhancement 3: Legacy Pattern Release Files - ServerProtect for Linux
can now be configured to use legacy pattern release
files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 3: To enable the option:
a. Open the "tmsplx.xml" file using a text editor.
b. Change the value for "PatternType" to
"PATTERN_VSAPI_LEGACY".
c. Restart ServerProtect for Linux using the following
command:
/etc/init.d/splx restart
Note: When a higher pattern version is available,
the key will take effect only after a successful
pattern update.
Enhancement 4: Registration Timeout - Users can now set the timeout
value when ServerProtect registers to Control Manager.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To set the timeout value:
a. Open the "tmsplx.xml" file using a text editor.
b. Add the "CMRegistrationTimeout" option under
the "Configuration" section and set the value
to the timeout duration in seconds.
c. Restart "splx" using the following command:
/etc/init.d/splx restart
Enhancement 5: KHM now supports the following kernels of
Red Hat(TM) 4/5 and SUSE Linux Enterprise 10:
Red Hat Enterprise Linux Server/Desktop 4
(i686 and x86_64)
- 2.6.9-89.0.20.ELsmp i686
- 2.6.9-89.0.20.EL i686
- 2.6.9-89.0.20.ELsmp x86_64
- 2.6.9-89.0.20.EL x86_64
Red Hat Enterprise Linux Server/Desktop 5
(i686 and x86_64)
- 2.6.18-164.11.1.el5PAE i686
- 2.6.18-164.11.1.el5xen i686
- 2.6.18-164.11.1.el5 i686
- 2.6.18-164.11.1.el5 x86_64
- 2.6.18-164.11.1.el5xen x86_64
SUSE Linux Enterprise 10 (Server or Desktop)
(i686 and x86_64)
- 2.6.16.60-0.59.1-xen i686
- 2.6.16.60-0.59.1-smp i686
- 2.6.16.60-0.59.1-bigsmp i686
- 2.6.16.60-0.59.1-smp x86_64
- 2.6.16.60-0.59.1-xen x86_64
- 2.6.16.60-0.59.1-default x86_64
8.2.2 Resolved Known Issues
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 2 resolves the
following issues:
Issue 1: If the debug log is enabled and users start a manual or
scheduled update while an update process is running, the
following message appears in the debug log:
"Find the previous manual/schedule scan."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: The log has been changed to:
"Find the previous manual/schedule update."
Issue 2: When users register ServerProtect for Linux to
Control Manager in text mode and the registration fails,
the ActiveUpdate server still changes to "TMCM update
server". This prompts ServerProtect for Linux to ask the
user to unregister from Control Manager first the next
time the user attempts to register to Control Manager in
text mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This issue has been resolved.
Issue 3: When users make changes to the manual scan options, some
changes may not take effect when users start a manual
scan by clicking "Scan now" from the "Summary" page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This issue has been resolved.
8.3 Patch 3
=====================================================================
8.3.1 Enhancements
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 3 provides the
following enhancements:
Enhancement 1: KHM Source Code - The KHM source code has been
updated. Refer to the following web site for more
information about the latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Users can now set the maximum size of files for scans.
This improves the ServerProtect for Linux performance
while scanning a large number of compressed files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 2: To configure the option:
a. Open "tmsplx.xml" file using a text editor.
b. Add the "RealtimeNotScanSize" and
"OnDemandNotScanSize" keys under the "Scan" section
and set the value to a positive integer in
megabytes.
c. Restart the ServerProtect for Linux service.
Note: The key does not take effect if the value is set
to "0". "RealtimeNotScanSize" is for real-time
scans; "OnDemandNotScanSize" is for manual and
scheduled scans.
Enhancement 3: Users can now prevent ServerProtect from deleting the
old "TmuDump.txt" ActiveUpdate log and append new
ActiveUpdate logs to the existing log file instead.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 3: To enable the option:
a. Open the "tmsplx.xml" file using a text editor.
b. Add the "KeepAULog" option under the "ActiveUpdate"
section and set its value to "1".
c. Restart the ServerProtect for Linux service.
To control the total size of "TmuDump.txt":
a. Open the "aucfg.ini" file under the
"/opt/TrendMicro/SProtectLinux/" folder using a
text editor.
b. Add the "log_size" key under the "debug" section
of the "aucfg.ini" file and set its value
to the size limit in megabytes.
For example, to set the size limit of the
"TmuDump.txt" file to 1 MB, set:
[debug]
log_size = 1
c. Save the changes to the "aucfg.ini" file.
Enhancement 4: Users can now create a list of approved process names.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To create/edit the list of approved processes:
a. Open the "tmsplx.xml" file using a text editor.
b. Add the "RealtimeExcludeCommand" key under the
"Scan" section and specify the approved processes
separating multiple commands using a colon (:).
For example:
Note: The feature can only take effect after you
apply KHM version above 3.0.0.0005.
This feature supports only the asterisk (*) and
question mark (?) as wild card characters and
behaves similarly to the real-time scan
exclusion list setting.
Enhancement 5: KHM now supports the use of the asterisk (*) and
question mark (?) as wild card characters in the
"Exclude these locations" and "Exclude the specified
files" fields of the real-time scan exclusion list.
8.3.2 Resolved Known Issues
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 3 resolves the
following issues:
Issue 1: While establishing an SMTP session with the email server
to send email notifications from ServerProtect for
Linux, ServerProtect for Linux sends a "HELO" command to
the email server before the email server's greeting
message arrives. As a result, ServerProtect for Linux
treats the greeting message as the email server's
response to the "HELO" command. This causes an error
that prevents ServerProtect for Linux from establishing
the SMTP session and sending out the email notification.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Hot Fix 1301] ServerProtect for Linux now sends out email
notifications without issues.
Issue 2: After applying ServerProtect for Linux 3.0 Service
Pack 1 Patch 2, the ServerProtect real-time scan may
take an unusually long amount of time to scan compressed
files containing a large number of files even when the
current real-time scan setting is set to skip most of
the files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hot Fix 1307] An unnecessary delay operation added in Patch 2 has
been deleted to resolve the issue.
Issue 3: ServerProtect for Linux CDT tools do not collect some
important information such as log messages, KHM
information and the ActiveUpdate (AU) log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hot Fix 1310] ServerProtect for Linux CDT tools now collect
"/var/log/messages", AU logs, and KHM information.
Issue 4: ServerProtect for Linux does not automatically register
to Control Manager if Control Manager starts after
ServerProtect for Linux. When registration fails,
ServerProtect for Linux will not show the registration
information that was previously entered on the Web
console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Hot Fix 1311] An auto-register process has been added in
ServerProtect for Linux to resolve this issue.
Issue 5: A vulnerability exists in the ServerProtect for
Linux 3.0 "splxhttpd" binary file containing
OpenSSL 0.9.8i. Remote attackers can exploit this
vulnerability and use malformed records in an HTTPS
connection with ServerProtect for Linux to cause
ServerProtect for Linux to stop unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: The OpenSSL module in "splxhttpd" has been upgraded to
resolve this issue.
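Added example for Issue 1 in this section, not Trend Micro's fix: a Python client that opens an SMTP session against a constructed in-process server, once sending "HELO" before reading the greeting and once after it, to show why the first ordering fails. Host names and function names are constructed.

```python
"""SMTP greeting ordering, as described in Issue 1 (added example)."""
import socket
import threading


def read_reply(rfile):
    """Read one SMTP reply, including continuation lines; return (code, lines)."""
    lines = []
    while True:
        line = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("server closed the connection")
        lines.append(line[4:])
        # "250-text" continues the reply; "250 text" or a bare code ends it.
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), lines


def fake_server(conn):
    """Constructed stand-in for a mail server: greeting first, then answer HELO."""
    try:
        with conn, conn.makefile("rb") as rfile:
            conn.sendall(b"220-mail.example.test ESMTP\r\n220 ready\r\n")
            if rfile.readline().upper().startswith(b"HELO"):
                conn.sendall(b"250 mail.example.test\r\n")
    except OSError:
        pass  # client went away or the socket timed out


def open_session(wait_for_greeting):
    """Return (ok, transcript) for one session attempt against fake_server."""
    client, server = socket.socketpair()
    client.settimeout(5)
    server.settimeout(5)
    worker = threading.Thread(target=fake_server, args=(server,), daemon=True)
    worker.start()
    transcript = []
    with client, client.makefile("rb") as rfile:
        try:
            if wait_for_greeting:
                # Correct ordering: consume the 220 greeting before any command.
                code, _ = read_reply(rfile)
                transcript.append(("greeting", code))
                if code != 220:
                    return False, transcript
            client.sendall(b"HELO splx.example.test\r\n")
            code, _ = read_reply(rfile)
            transcript.append(("HELO", code))
            # Without the wait, this reply is the late 220 greeting, not the
            # 250 that answers HELO, so the session is treated as failed.
            return code == 250, transcript
        finally:
            worker.join(5)  # let the server finish before the socket closes


if __name__ == "__main__":
    print("HELO before greeting:", open_session(wait_for_greeting=False))
    print("HELO after greeting: ", open_session(wait_for_greeting=True))
```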
8.4 Patch 4
=====================================================================
8.4.1 Enhancements
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 4 provides the
following enhancements:
Enhancement 1: KHM Source Code - The KHM source code has been
updated. Refer to the following web site for more
information about the latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Apache Server - The Apache server and the OpenSSL
module in the Apache server have been updated.
8.4.2 Resolved Known Issues
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 4 resolves the
following issues:
Issue 1: ServerProtect for Linux sends the last VSAPI and virus
pattern update time to Control Manager in the GMT time
zone. This prevents Control Manager from displaying the
update time in local time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Hot Fix 1318] ServerProtect for Linux now sends Control Manager the
last VSAPI and virus pattern update time in local
time.
Issue 2: During manual scans, ServerProtect for Linux displays
"ERROR" and "-1" scanned files on the Web page if the
total number of files for scanning has not been updated
in a long time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hot Fix 1321] This issue has been resolved.
Issue 3: Under certain conditions, when the ServerProtect for
Linux real-time scan detects a virus in a compressed
file, the virus/spyware log for the compressed file does
not display a virus name and action result.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hot Fix 1322] The virus/spyware logs now display the correct virus
name and action result.
Issue 4: Error logs appear in "/var/log/messages" when some
hidden keys introduced in Patch 3 are not configured.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Hot Fix 1340] Error logs now appear in "/var/log/messages" only when
the debug log level is set to "5".
Issue 5: ServerProtect for Linux uses an older version of the
VSAPI engine on the Red Hat Enterprise Linux 6
platform.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: ServerProtect for Linux now uses the latest VSAPI engine
for the Red Hat Enterprise Linux 6 platform.
8.5 Patch 5
=====================================================================
8.5.1 Enhancements
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 5 includes the
following enhancements:
Enhancement 1: KHM Source Code - KHM source code has been updated to
version 3.0.1.0010. Refer to the following web site
for more information about the latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Apache Server - The Apache server has been upgraded
to version 2.2.25, and the OpenSSL module in the
Apache server to version 1.0.1e.
Enhancement 3: ActiveUpdate Module - The ActiveUpdate (AU) module
has been upgraded to version 2.85 and the following
three folders:
- "/opt/TrendMicro/SProtectLinux/AU_Cache"
- "/opt/TrendMicro/SProtectLinux/AU_Temp"
- "/opt/TrendMicro/SProtectLinux/AU_Log"
have been moved to:
- "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Cache"
- "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Temp"
- "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Log"
8.5.2 Resolved Known Issues
=====================================================================
ServerProtect for Linux 3.0 Service Pack 1 Patch 5 resolves the
following issues:
Issue 1: ServerProtect for Linux sends a notification for an
outdated pattern file even when the pattern file is
up-to-date.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Hot Fix 1358] The way ServerProtect for Linux determines whether a
pattern file is up-to-date or not has been enhanced to
ensure that ServerProtect for Linux sends out an
outdated pattern file notification only when a pattern
file is outdated.
Issue 2: Users do not receive any notifications after
ServerProtect for Linux disables the Real-time Scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hot Fix 1359] An option has been added to ensure that users receive
notifications even after ServerProtect for Linux
disables the Real-time Scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 2: To enable this feature:
a. Stop ServerProtect for Linux.
b. Open the "tmsplx.xml" file under the
"/opt/TrendMicro/SProtectLinux/" folder.
c. Locate the "AlertRealtimeScanStatus" key under the
"Scan" section and set it to the following:
d. Save the changes and close the "tmsplx.xml" file.
e. Start ServerProtect for Linux.
Issue 3: When users choose to update multiple components and one
or more components, but not all, update successfully,
the last update time of all selected components will be
updated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hot Fix 1363] Now, only the last update time of successfully updated
components is changed in this case.
Issue 4: Control Manager does not support the display of any
information about the new engine for the Common Internet
File System (CIFS) in ServerProtect for Linux.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Critical Patch 1366] Control Manager now displays the necessary
information about the new engine for CIFS in
ServerProtect for Linux.
Issue 5: The warning message that appears during an update to
warn users that the product license has expired contains
a typographical error. In the message, "perion" was used
instead of "period".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5:
[Hot Fix 1371] The typographical error in the notification has been
corrected.
Issue 6: The cron job setting is not updated with all the rest of
the ServerProtect for Linux settings during
configuration replication from one computer to another
through the Control Manager console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6:
[Hot Fix 1372] The cron job setting is now always updated with the
rest of the ServerProtect for Linux settings during
configuration replication from one computer to another
through the Control Manager console.
Issue 7: By default, Scheduled Scan and Manual Scan modify the
last access time of files after scans.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7:
[Hot Fix 1383] An option has been added to prevent Scheduled Scan
and Manual Scan from modifying a file's last access
time if the file is not infected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 7: To enable this feature:
a. Stop ServerProtect for Linux.
b. Open the "tmsplx.xml" file.
c. Locate the "DisableAtimeNoChange" key under the
"Scan" section and set it to the following:
d. Save the changes and close the file.
e. Start ServerProtect for Linux.
Issue 8: During a scheduled update, ServerProtect for Linux may
use the wrong working directory when it tries to update
again. This triggers a "PATCH_ERROR" message in
"TmuDump.txt".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: ServerProtect for Linux now always uses the correct
working directory during scheduled updates.
9. Files Included in this Release
========================================================================
---------------------------------------------------------------------
Filename                                Build No.
---------------------------------------------------------------------
splx                                    3.0.1455
splxcore                                3.0.1455
splxhttpd                               3.0.1455
vsapiapp                                3.0.1455
splxmain                                3.0.1455
SetTMDefaultExt                         3.0.1455
splx_manual_scan                        3.0.1455
splx_schedule_scan                      3.0.1455
virus_type_finder                       3.0.1455
entity                                  3.0.1455
libi18n.so.1                            1.1.1.1177
liblogmgt.so.1                          1.1.1.1177
liblogrdr.so.1                          1.1.1.1177
liblogshr.so.1                          1.1.1.1177
liblogwtr.so.1                          1.1.1.1177
liblowlib.so.1                          1.1.1.1177
libTMNotifymt.so.1                      1.3.0.1075
libsplxcommon.so                        3.0.1455
libsplxcxml.so                          3.0.1455
libProductLibrary.so                    3.0.1455
libEn_Utility.so.1.0.0                  5.0.0.2165
libSSO_PKIHelper.so.1.0.0               5.0.0.2165
libTrendAprWrapper.so.1.0.0             5.0.0.2165
libcurl.so.4.0.0                        5.0.0.2165
cgiCmdNotify                            5.0.0.2165
DiagnosticTool                          3.0.1455
CMconfig                                3.0.1455
EncryptAgentPassword                    3.0.1455
splxcomp                                3.0.1455
splxport                                3.0.1455
upcfg                                   3.0.1455
xmlvalidator                            3.0.1455
checkBrowser.sh                         3.0.1455
splxhttpd.conf                          3.0.1455
libapr-1.so.0.5.1                       3.0.1455
libaprutil-1.so.0.5.3                   3.0.1455
libexpat.so.0.5.0                       3.0.1455
splxhttpd                               3.0.1455
server.crt                              3.0.1455
server.key                              3.0.1455
splxmain.8.gz                           3.0.1455
tmsplx.xml.5.gz                         3.0.1455
cmoption.cgi                            3.0.1455
log_management.cgi                      3.0.1455
login_and_register.cgi                  3.0.1455
notification.cgi                        3.0.1455
proption.cgi                            3.0.1455
scanoption.cgi                          3.0.1455
scanoption_set.cgi                      3.0.1455
showpage.cgi                            3.0.1455
srv_admin.cgi                           3.0.1455
summary.cgi                             3.0.1455
tmcm_sso.cgi                            3.0.1455
viewlog.cgi                             3.0.1455
wtcoption.cgi                           3.0.1455
Alerts.htm                              3.0.1455
charset.htm                             3.0.1455
Recipients.htm                          3.0.1455
cmsettings_no_reg.htm                   3.0.1455
cmsettings_reged.htm                    3.0.1455
password.htm                            3.0.1455
proxy_settings.htm                      3.0.1455
proxy_settings_update.htm               3.0.1455
menu_1.htm                              3.0.1455
loginpage_never_registered_splx.htm     3.0.1455
loginpage_registered_splx.htm           3.0.1455
logoff_splx.htm                         3.0.1455
Proxy.jar                               3.0.1455
localization.js                         3.0.1455
md5.js                                  3.0.1455
script1.js                              3.0.1455
script_splx.js                          3.0.1455
Manual.htm                              3.0.1455
TMBIF                                   3.0.1455
SPLX.MIB                                3.0.1455
Agent.ini.template                      3.0.1455
Product.ini.template                    3.0.1455
help                                    3.0.1455
AuPatch                                 2.85.1086
libpatch.so                             2.85.1086
libtmactupdate.so                       2.85.1086
cert5.db                                n/a
x500.db                                 n/a
SPLX_CM_UI.zip                          n/a
10. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us
at:
http://www.trendmicro.com
Evaluation copies of Trend Micro products can be downloaded from our
web site.
Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:
http://www.trendmicro.com/en/about/overview.htm
The Trend Micro "About Us" screen displays. Click the appropriate
link in the "Contact Us" section of the screen.
Note: This information is subject to change without notice.
11. About Trend Micro
========================================================================
Trend Micro Incorporated, a global leader in Internet content
security and threat management, aims to create a world safe for the
exchange of digital information for businesses and consumers.
A pioneer in server-based antivirus with over 20 years of experience,
we deliver top-ranked security that fits our customers' needs, stops
new threats faster, and protects data in physical, virtualized and
cloud environments. Powered by the Trend Micro
Smart Protection Network(TM) infrastructure, our industry-leading
cloud-computing security technology and products stop threats where
they emerge, on the Internet, and are supported by 1,000+
threat intelligence experts around the globe. For additional
information, visit www.trendmicro.com.
Copyright 2015, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, Smart Protection Network,
ServerProtect, and Control Manager are trademarks of
Trend Micro Incorporated and are registered in some jurisdictions.
All other marks are the trademarks or registered trademarks of
their respective companies.
12. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:
http://us.trendmicro.com/us/about/company/user_license_agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user
interface
- By referring to the "Legal" page of the Getting Started Guide or
Administrator's Guide