Trend Micro Incorporated October 12, 2018
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) ServerProtect(TM) for Linux(TM) 3.0
Service Pack 1 Patch 8 - Build 1575
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.
http://www.trendmicro.com/download
TIP: Register online with Trend Micro within 30 days of
installation to continue downloading new pattern files and
product updates from the Trend Micro website. Register
during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM
Contents
===================================================================
1. About ServerProtect for Linux
1.1 Overview of this Release
1.2 Who Should Install this Release
2. What's New
2.1 Enhancements
2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation
5.1 Installing
5.2 Uninstalling
6. Post-Installation Configuration
7. Known Issues
8. Release History
8.1 Patch 1
8.2 Patch 2
8.3 Patch 3
8.4 Patch 4
8.5 Patch 5
8.6 Patch 6
8.7 Patch 7
9. Files Included in this Release
10. Contact Information
11. About Trend Micro
12. License Agreement
===================================================================
1. About ServerProtect for Linux
========================================================================
ServerProtect for Linux provides comprehensive protection against
computer viruses/spywares, Trojans, worms, and other security risks
for file servers based on the Linux operating system. Managed
through an intuitive, portable web-based console or Linux command
line console, ServerProtect provides centralized virus scanning,
pattern updates, event reporting, and antivirus configuration.
Award:
Winner of SYS-CON Linux and Enterprise Open Source Readers' Choice
Award
Certification:
ServerProtect for Linux 3.0 fully supports Novell(R) OES2 and is
Novell YES certified for the following:
- 32-bit operating systems
(See "http://developer.novell.com/yes/92344.htm")
- 64-bit operating systems
(See "http://developer.novell.com/yes/92345.htm")
1.1 Overview of this Release
=====================================================================
Patch 8 resolves issues found in ServerProtect for Linux 3.0 after
the release of Service Pack 1 Patch 7.
Refer to the "What's New" section for enhancements implemented and
known issues resolved in this release.
1.2 Who Should Install this Release
=====================================================================
You should install this patch release if you are currently running
any ServerProtect for Linux 3.0 package released before
Patch 8.
2. What's New
========================================================================
This release incorporates all previous hotfixes since the release
of ServerProtect for Linux 3.0.
NOTE: Please install this patch before completing any procedures
in this section (see "Installation").
This patch addresses the following issues and includes the following
enhancements:
2.1 Enhancements
=====================================================================
The following enhancements are included in this release:
Enhancement 1: Kernel Hooking Module Source Code - This patch updates
the Kernel Hooking Module (KHM) source code to version
3.0.1.0018. Refer to the following website for more
information about the latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Apache(TM) Server - This patch updates the Apache
server to version 2.4.34, and the OpenSSL module
in the Apache server to version 1.0.2o.
Enhancement 3:
[Hotfix 1540] ActiveUpdate (AU) module - This patch updates the
AU module to version 2.86.0.1074 to enable it to
check if a patch agent is available in the update
server before starting an update and to cancel the
update if it does not detect a patch agent.
Enhancement 4: TMNotify Module - This patch updates the TMNotify
module to version 1.3.0.1084 to solve potential memory
corruption risk due to the misuse of function
setlocale().
Enhancement 5: License Profile - This patch enables the ServerProtect
Web console to access license profile information when
required.
2.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:
Issue 1: The "log_management.cgi" file in ServerProtect for
Linux 3.0 is affected by a Cross-site Scripting (XSS)
vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Critical Patch 1519] This patch resolves this XSS vulnerability by
adding a checking mechanism to ensure that the data
for the HTTP GET/POST method is in the correct format.
Issue 2: The "notification.cgi" file in ServerProtect for Linux
3.0 is affected by an XSS vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Critical Patch 1519] This patch resolves this XSS vulnerability by
adding a checking mechanism to ensure that the data
for the HTTP GET/POST method is in the correct format.
Issue 3: Communication to the AU server is unencrypted by
default.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Critical Patch 1519] This patch resolves this vulnerability by
enabling the AU server to encrypt the communication
using HTTPS.
Issue 4: Packages downloaded from the AU server are not signed
or validated by default.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Critical Patch 1519] This patch resolves this vulnerability by
allowing ServerProtect to enable the Digital Signature
Check and Server Certificate Verification functions by
default when downloading components from the AU
server.
Issue 5: Users can set or add any path for the quarantine
directory.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5:
[Critical Patch 1519] This patch resolves this vulnerability by
restricting the quarantine directory path to specific
paths only.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 5: To set or add the "/tmp" folder for the quarantine
directory:
a. Install this patch (see "Installation").
b. Open the "tmsplx.xml" file under the
"/opt/TrendMicro/SProtectLinux" folder using a text
editor.
c. In the "Scan" group of "tmsplx.xml", locate the
"MoveToWhiteList" string, the default string is as
follows:
d. Append ":/tmp" to the value:
NOTE: Removing ":/tmp" removes the restriction.
e. Save the changes and close the file.
Issue 6: Users can set or add any path for the backup directory.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6:
[Critical Patch 1519] This patch resolves this vulnerability by
restricting the backup directory path to specific
paths only.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 6: To set or add the "/tmp" folder for the backup
directory:
a. Install this patch (see "Installation").
b. Open the "tmsplx.xml" file under the
"/opt/TrendMicro/SProtectLinux" folder using a text
editor.
c. In the "Scan" group of "tmsplx.xml", locate the
"SaveToWhiteList" string, the default string is as
follows:
d. Append ":/tmp" to the value:
NOTE: Removing ":/tmp" removes the restriction.
e. Save the changes and close the file.
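The following Python example is added here and is not part of the Trend Micro readme or product code. It shows how a colon-separated directory allow-list, such as the "MoveToWhiteList" and "SaveToWhiteList" values edited in Procedures 5 and 6, can be checked against a candidate quarantine or backup path. Assumptions: entries are absolute directories, subdirectories of an entry are accepted, and all function names and sample paths are hypothetical.

```python
import os
import stat

# Constructed sample value; the product's real default is not reproduced here.
CONSTRUCTED_WHITELIST = "/opt/example/quarantine:/tmp"


def parse_whitelist(value):
    """Split a colon-separated value into canonical absolute directories."""
    entries = []
    for raw in value.split(":"):
        raw = raw.strip()
        if not raw:
            continue  # tolerate "a::b" or a trailing colon
        if not os.path.isabs(raw):
            raise ValueError("relative allow-list entry: %r" % raw)
        entries.append(os.path.realpath(raw))
    return entries


def is_allowed(candidate, whitelist_value):
    """True if candidate resolves to an allow-listed directory or below it."""
    if not os.path.isabs(candidate):
        return False
    # realpath collapses ".." and follows symlinks, so a path that only
    # looks like it sits under an allowed directory is judged by where
    # it really points.
    resolved = os.path.realpath(candidate)
    for allowed in parse_whitelist(whitelist_value):
        if resolved == allowed:
            return True
        # Compare with a trailing separator so "/tmpfoo" does not match "/tmp".
        if resolved.startswith(allowed.rstrip(os.sep) + os.sep):
            return True
    return False


def risky_entries(whitelist_value):
    """Report allow-list entries that widen the restriction more than intended."""
    findings = []
    for entry in parse_whitelist(whitelist_value):
        if entry == os.sep:
            findings.append((entry, "covers the whole filesystem"))
        elif os.path.isdir(entry) and os.stat(entry).st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
    return findings


if __name__ == "__main__":
    for path in ("/tmp/held", "/tmpfoo", "/opt/example/quarantine/../other"):
        print(path, is_allowed(path, CONSTRUCTED_WHITELIST))
    print(risky_entries(CONSTRUCTED_WHITELIST))
```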
Issue 7: The ServerProtect for Linux 3.0 web console is
affected by a CSRF vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7:
[Critical Patch 1531] This patch resolves the CSRF vulnerability by
adding a secure random token for the web console.
Issue 8: Some feedback data are generated in duplicate.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8:
[Critical Patch 1536] This patch removes the duplicate feedback data.
Issue 9: The "Entity" process may trigger a high CPU usage issue
when users attempt to view Virus, Spyware, Scan, or
System logs on the web console and it encounters an
unexpected string in any of the logs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9:
[Hotfix 1540] This patch resolves the issue by adding a mechanism to
handle unexpected strings and help ensure that the
"Entity" process runs normally.
Issue 10: The TLS 1.0 protocol used in the web console is
affected by the weak CBC-Mode vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10:
[Critical Patch 1541] This patch resolves the issue by disabling
TLS 1.0 in the web console by default.
NOTE: After applying this patch, if you cannot log in to the
web console through a browser or Single Sign-On (SSO)
to it from Trend Micro Control Manager(TM), upgrade
your browser or apply the latest Control Manager patch
to enable it to support newer TLS protocols.
Issue 11: A potential interoperability issue between the splx
service and other services, such as autofs, may
trigger the kernel to stop responding.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11:
[Hotfix 1548] This patch resolves the issue by ensuring that the
splx service is the last service to start during
startup.
Issue 12: Sometimes, the ServerProtect for Linux web console
shows an update complete message even though the manual
update has failed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12:
[Hotfix 1560] This patch resolves the issue by ensuring that the web
console receives the update failed results correctly.
Issue 13: The "Logs > Log Directory" page name changes to
"Automatic Delete" after users click on the "Save"
button.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13:
[Hotfix 1560] This patch ensures that the page name remains the same
after users click on the "Save" button.
Issue 14: The "Scan Now" button appears in the log results on the
"Logs > Virus Logs" and "Logs > Spyware Logs" pages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14:
[Hotfix 1560] This patch updates the log display logic of both pages
to ensure that the "Scan Now" button does not appear in
the log results.
Issue 15: SSO does not work after Control Manager 7.0 switches
from default mode to multi-session mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15:
[Hotfix 1568] This patch resolves the issue by adding the
"Set-Cookie" method in the response header to send the
"SessionID" to Control Manager 7.0 in multi-session
mode.
Issue 16: The memory usage rises unexpectedly during a manual or
scheduled scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16:
[Hotfix 1569] This patch resolves the issue by enabling users to
configure a manual or scheduled scan to sleep for a
few milliseconds before scanning the next file. This
can help reduce the memory usage during scans.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 16: To configure the time interval:
a. Install this patch (see "Installation").
b. Open the "tmsplx.xml" file in the
"/opt/TrendMicro/SProtectLinux" folder.
c. Add the following keys and set each to the preferred
value in milliseconds. For example, to set both
manual and scheduled scan to sleep for
one millisecond between files, set:
NOTE: Trend Micro recommends setting these to "1"
and observing the CPU usage. Increase the
values as needed.
d. Save the changes and close the file.
e. Restart the splx service by running the following
command:
#./service splx restart
Issue 17: ServerProtect for Linux cannot apply engine and pattern
updates from Control Manager 7.0 because the PatchAgent
component cannot be downloaded successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17:
[Hotfix 1571] This patch resolves the issue by adding the PatchAgent
information into the product profile that ServerProtect
for Linux sends to Control Manager. This helps ensure
that PatchAgent can be downloaded from Control Manager
so that engine and pattern updates can be applied
successfully.
3. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com
In addition to this Readme file, the documentation set for this
product includes the following:
- Online Help: The Online Help contains an overview of features
and key concepts, and information on configuring and
maintaining ServerProtect for Linux.
To access the Online Help, go to http://docs.trendmicro.com
- Administrator's Guide (AG): The Administrator's Guide contains
an overview of features and key concepts, and information on
configuring and maintaining ServerProtect for Linux.
- Getting Started Guide (GSG): The Getting Started Guide
contains product overview, installation planning, installation
and configuration instructions, and basic information intended
to get "up and running".
- Support Portal: The Support Portal contains information on
troubleshooting and resolving known issues.
To access the Support Portal, go to http://esupport.trendmicro.com
4. System Requirements
========================================================================
Install this patch only on computers running ServerProtect for
Linux 3.0 or higher versions released before this Patch.
NOTE: Refer to the ServerProtect readme file for detailed system
requirements for installing the product.
5. Installation
========================================================================
This section explains key steps for installing the patch. Refer to
the "Administrator's Guide" (AG) for detailed information.
5.1 Installing
=====================================================================
To install:
1. If you have registered or are going to register ServerProtect for
Linux to Control Manager, make sure the latest Control Manager
patch has been applied.
2. Log on as a root user.
3. Copy "splx_30_lx_en_sp1_patch8.tar.gz" to a working directory
such as "/tmp/workdir".
4. Type the following commands:
# cd /tmp/workdir
# tar zxvf splx_30_lx_en_sp1_patch8.tar.gz
# chmod u+x splx_30_lx_en_sp1_patch8.bin
# ./splx_30_lx_en_sp1_patch8.bin
NOTES:
- The last command stops the ServerProtect services before
installing this patch.
- ServerProtect services automatically start after the system
completes the installation process.
5.2 Uninstalling
=====================================================================
To roll back to the previous ServerProtect for Linux build:
1. Run the following command:
# rpm -e splx-3.0-sp1-patch8
NOTE: As the configuration file, "tmsplx.xml", used by Patch 8
may not be compatible with the one used by the previous
ServerProtect for Linux release version, the configuration
file will be saved as "tmsplx.xml.p8.rpmsave" when you
uninstall this patch. ServerProtect for Linux will use the
configuration file previously backed up when installing
this patch.
2. Manually compare and synchronize the settings between the
backed-up configuration file and the configuration file used by
Patch 8 to apply the same custom settings to ServerProtect for
Linux.
NOTE: You can retrieve the ServerProtect for Linux 3.0 RPM
information from the "Version.ini" file in the
"/opt/TrendMicro/SProtectLinux/" information folder.
Refer to Section 7.1 for more information.
6. Post-Installation Configuration
========================================================================
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and
virus pattern files immediately after installing the product.
7. Known Issues
========================================================================
Known issues in this release:
7.1 Installation Issue
=====================================================================
Patch 8 must remove the previous ServerProtect for Linux 3.0
Patch RPM information from the RPM database to prevent
inconsistencies. Due to the limitation of RPM, the previous
ServerProtect for Linux 3.0 Patch information could not be
restored to the RPM database. Instead, it is stored in
"/opt/TrendMicro/SProtectLinux/Version.ini".
7.2 Unable to export logs in Microsoft(TM) Internet Explorer(TM) 9
when accessing the web console using the HTTPS protocol.
=====================================================================
To resolve this known issue:
1. On Internet Explorer 9, click the settings icon, or the
"Tools" menu, and then click "Internet Options".
2. On the "Advanced" tab, clear the "Do not save encrypted
pages to disk" option.
3. Click "OK" to save the settings.
7.3 On Internet Explorer, the progress bar animation does not work
while ServerProtect for Linux registers or unregisters from
Control Manager.
=====================================================================
To resolve this known issue:
1. On Internet Explorer, click the settings icon, or the
"Tools" menu, and then click "Internet Options".
2. On the "Advanced" tab, select the "Play animations in
webpages" option.
3. Click "OK" to save the settings.
4. Restart Internet Explorer and access the ServerProtect for
Linux web console again.
8. Release History
========================================================================
8.1 Patch 1
=====================================================================
8.1.1 Enhancements
=====================================================================
The following enhancements are included in this release:
Enhancement 1: Internal HTTP Server - The internal HTTP server for
ServerProtect has been updated to resolve some
security issues.
Enhancement 2: KHM Source Code - The KHM source code in the latest
KHM packages has been updated.
Enhancement 3: Kernel Debug Log - A dynamic enabling feature has
been added to the kernel debug log.
8.1.2 Resolved Known Issues
=====================================================================
The following known issues are resolved in this release:
Issue 1: ServerProtect for Linux does not send event logs to
Control Manager if only the engine or spyware pattern is
updated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Hotfix 1222] ServerProtect for Linux now sends event logs to Control
Manager for engine or spyware pattern only updates. This
enables Control Manager to send out email notifications
for the status of the events, if configured to do so.
Issue 2: When ServerProtect for Linux registers to Control Manager
using Fully Qualified Domain Name (FQDN), the
registration process may fail during the Linux system
startup if the network environment is not ready.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hotfix 1224] ServerProtect for Linux now attempts to register
several times within a specified period of time if the
Control Manager registration fails.
Issue 3: When stopping ServerProtect for Linux services,
ServerProtect for Linux cannot terminate the scheduled
scanning process if the real-time scanning function is
not working.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hotfix 1234] ServerProtect for Linux now stops the scheduled
scanning process normally when executing the
"/etc/init.d/splx stop" command to stop the ServerProtect
for Linux services.
Issue 4: Even when the pattern file or scan engine is updated
successfully, ServerProtect for Linux may generate a
system log "ActiveUpdate not completed" with the reason
"ActiveUpdate successfully downloaded the patch files.
Patch update is now in progress".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Hotfix 1241] The "WaitingTime" parameter has been added in the
"ActiveUpdate" section of the "tmsplx.xml" file. The
default value for the "WaitingTime" parameter is "60"
seconds which is adequate for most applications. Users
can reconfigure this value as needed.
Issue 5: ServerProtect for Linux cannot register to
Control Manager if the domain information in
"/etc/resolv.conf" is too long.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5:
[Hotfix 1246] Trend Micro has changed the way ServerProtect retrieves
the host machine domain name to resolve the issue.
Issue 6: When ServerProtect for Linux performs an update and all
components are still up-to-date, the event log displays
incorrect information. This prompts Control Manager to
send an email notification stating "Update unsuccessful".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6:
[Hotfix 1247] ServerProtect for Linux now records this update as a
successful update; Control Manager notes that there is
no update needed and does not send out an "Update
unsuccessful" notification.
Issue 7: ServerProtect for Linux does not send email notifications
when it detects a security risk by manual scan or
scheduled scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7:
[Hotfix 1250] The "AlertInfectionFoundByMS" hidden key has been
added to the "tmsplx.xml" file. When enabled, this key
prompts ServerProtect for Linux to send email
notifications for a detected security risk after a manual
scan or scheduled scan.
Issue 8: The PR page displays a grace expiry date that is one
month earlier than the real grace expiry date.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: The PR page now displays the correct grace expiry date.
Issue 9: The "splxhttpd" service does not stop properly if the
process ID of a newly-created "splxhttpd" process is
higher than the one created before it. The same issue
affects the "entity" process.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: ServerProtect for Linux now uses a new method to stop the
"splxhttpd" and "entity" processes in the "splxhttpd" and
"splxcore" script. This enables ServerProtect for Linux
to stop the two processes properly.
8.2 Patch 2
=====================================================================
8.2.1 Enhancements
=====================================================================
The following enhancements are included in this release:
Enhancement 1: KHM Source Code - the KHM source code has been
updated. Refer to the following website for more
information about the latest KHM source code:
http://www.trendmicro.com/download/
kernel.asp?prodid=20
Enhancement 2: ServerProtect for Linux Web Console - The
ServerProtect for Linux web console now accepts square
brackets ("[" and "]").
Enhancement 3: Legacy Pattern Release Files - ServerProtect for Linux
can now be configured to use legacy pattern release
files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 3: To enable the option:
a. Open the "tmsplx.xml" file using a text editor.
b. Change the value for "PatternType" to
"PATTERN_VSAPI_LEGACY".
c. Restart ServerProtect for Linux using the following
command:
/etc/init.d/splx restart
Note: When a higher pattern version is available,
the key will take effect only after a successful
pattern update.
Enhancement 4: Registration Timeout - Users can now set the timeout
value when ServerProtect registers to Control Manager.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To set the timeout value:
a. Open the "tmsplx.xml" file using a text editor.
b. Add the "CMRegistrationTimeout" option under
the "Configuration" section and set the value
to the timeout duration in seconds.
c. Restart "splx" using the following command:
/etc/init.d/splx restart
Enhancement 5: KHM now supports the following kernels of
Red Hat(TM) 4/5 and SUSE Linux Enterprise 10:
Red Hat Enterprise Linux Server/Desktop 4
(i686 and x86_64)
- 2.6.9-89.0.20.ELsmp i686
- 2.6.9-89.0.20.EL i686
- 2.6.9-89.0.20.ELsmp x86_64
- 2.6.9-89.0.20.EL x86_64
Red Hat Enterprise Linux Server/Desktop 5
(i686 and x86_64)
- 2.6.18-164.11.1.el5PAE i686
- 2.6.18-164.11.1.el5xen i686
- 2.6.18-164.11.1.el5 i686
- 2.6.18-164.11.1.el5 x86_64
- 2.6.18-164.11.1.el5xen x86_64
SUSE Linux Enterprise 10 (Server or Desktop)
(i686 and x86_64)
- 2.6.16.60-0.59.1-xen i686
- 2.6.16.60-0.59.1-smp i686
- 2.6.16.60-0.59.1-bigsmp i686
- 2.6.16.60-0.59.1-smp x86_64
- 2.6.16.60-0.59.1-xen x86_64
- 2.6.16.60-0.59.1-default x86_64
8.2.2 Resolved Known Issues
=====================================================================
The following known issues are resolved in this release:
Issue 1: If the debug log is enabled and users start a manual or
scheduled update while an update process is running, the
following message appears in the debug log:
"Find the previous manual/schedule scan."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: The log has been changed to:
"Find the previous manual/schedule update."
Issue 2: When users register ServerProtect for Linux to
Control Manager in text mode and the registration fails,
the ActiveUpdate server still changes to "TMCM update
server". This prompts ServerProtect for Linux to ask the
user to unregister from Control Manager first the next
time the user attempts to register to Control Manager in
text mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This issue has been resolved.
Issue 3: When users make changes to the manual scan options, some
changes may not take effect when users start a manual
scan by clicking "Scan now" from the "Summary" page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This issue has been resolved.
8.3 Patch 3
=====================================================================
8.3.1 Enhancements
=====================================================================
The following enhancements are included in this release:
Enhancement 1: KHM Source Code - The KHM source code has been
updated. Refer to the following website for more
information about the latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Users can now set the maximum size of files for scans.
This improves the ServerProtect for Linux performance
while scanning a large number of compressed files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 2: To configure the option:
a. Open "tmsplx.xml" file using a text editor.
b. Add the "RealtimeNotScanSize" and
"OnDemandNotScanSize" keys under the "Scan" section
and set the value to a positive integer in
megabytes.
c. Restart the ServerProtect for Linux service.
Note: The key does not take effect if the value is set
to "0". "RealtimeNotScanSize" is for real-time
scans; "OnDemandNotScanSize" is for manual and
scheduled scans.
Enhancement 3: Users can now prevent ServerProtect from deleting the
old "TmuDump.txt" ActiveUpdate log and append new
ActiveUpdate logs to the existing log file instead.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 3: To enable the option:
a. Open the "tmsplx.xml" file using a text editor.
b. Add the "KeepAULog" option under the "ActiveUpdate"
section and set its value to "1".
c. Restart the ServerProtect for Linux service.
To control the total size of "TmuDump.txt":
a. Open the "aucfg.ini" file under the
"/opt/TrendMicro/SProtectLinux/" folder using a
text editor.
b. Add the "log_size" key under the "debug" section
of the "aucfg.ini" file and set its value
to the size limit in megabytes.
For example, to set the size limit of the
"TmuDump.txt" file to 1 MB, set:
[debug]
log_size = 1
c. Save the changes to the "aucfg.ini" file.
Enhancement 4: Users can now create a list of approved process names.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To create/edit the list of approved processes:
a. Open the "tmsplx.xml" file using a text editor.
b. Add the "RealtimeExcludeCommand" key under the
"Scan" section and specify the approved processes
separating multiple commands using a colon (:).
For example:
NOTE: The feature can only take effect after you
apply KHM version above 3.0.0.0005.
This feature supports only the asterisk (*) and
question mark (?) as wild card characters and
behaves similarly to the real-time scan
exclusion list setting.
Enhancement 5: KHM now supports the use of the asterisk (*) and
question mark (?) as wild card characters in the
"Exclude these locations" and "Exclude the specified
files" fields of the real-time scan exclusion list.
8.3.2 Resolved Known Issues
=====================================================================
The following known issues are resolved in this release:
Issue 1: While establishing an SMTP session with the email server
to send email notifications from ServerProtect for
Linux, ServerProtect for Linux sends a "HELO" command to
the email server before the email server's greeting
message arrives. As a result, ServerProtect for Linux
treats the greeting message as the email server's
response to the "HELO" command. This causes an error
that prevents ServerProtect for Linux from establishing
the SMTP session and sending out the email notification.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Hotfix 1301] ServerProtect for Linux now sends out email
notifications without issues.
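The ordering problem described in Issue 1, as an added Python example that is not Trend Micro's code: the client reads the complete 220 greeting (including multi-line replies) before it sends "HELO", so the greeting can never be mistaken for the HELO response. The host names, the function names and the deliberately slow test server are constructed for this example.

```python
import select
import socket
import threading


def read_reply(stream):
    """Read one complete SMTP reply; "220-..." continues, "220 ..." ends it."""
    lines = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.rstrip(b"\r\n").decode("ascii", "replace")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), lines


def open_session(sock, client_name):
    """Wait for the 220 greeting, then send HELO and check its own reply."""
    stream = sock.makefile("rb")
    code, greeting = read_reply(stream)
    if code != 220:
        raise RuntimeError("unexpected greeting: %s" % greeting)
    sock.sendall(b"HELO " + client_name.encode("ascii") + b"\r\n")
    code, reply = read_reply(stream)
    if code != 250:
        raise RuntimeError("HELO rejected: %s" % reply)
    return greeting, reply


def slow_server(sock, delay, observed):
    """Constructed test server: greets late and records early client data."""
    # If the client talks before the greeting, the socket becomes readable
    # during the delay; a well-behaved client leaves it silent.
    readable, _, _ = select.select([sock], [], [], delay)
    observed["early_data"] = bool(readable)
    sock.sendall(b"220-mail.example.test ESMTP\r\n220 ready\r\n")
    observed["command"] = sock.makefile("rb").readline()
    sock.sendall(b"250 mail.example.test\r\n")


def run_demo(delay=0.3):
    """Run client and slow server over a local socket pair (no network)."""
    client, server = socket.socketpair()
    observed = {}
    worker = threading.Thread(
        target=slow_server, args=(server, delay, observed), daemon=True
    )
    worker.start()
    try:
        greeting, reply = open_session(client, "splx-host.example.test")
    finally:
        worker.join(timeout=5)
        client.close()
        server.close()
    return greeting, reply, observed


if __name__ == "__main__":
    print(run_demo())
```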
Issue 2: After applying ServerProtect for Linux 3.0 Service Pack 1
Patch 2, the ServerProtect real-time scan may take an
unusually long amount of time to scan compressed files
containing a large number of files even when the current
real-time scan setting is set to skip most of the files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hotfix 1307] An unnecessary delay operation added in Patch 2 has
been deleted to resolve the issue.
Issue 3: ServerProtect for Linux CDT tools do not collect some
important information such as log messages, KHM
information and the AU log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hotfix 1310] ServerProtect for Linux CDT tools now collect
"/var/log/messages", AU logs, and KHM information.
Issue 4: ServerProtect for Linux does not automatically register
to Control Manager if Control Manager starts after
ServerProtect for Linux. When registration fails,
ServerProtect for Linux will not show the registration
information that was previously entered on the Web
console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Hotfix 1311] An auto-register process has been added in
ServerProtect for Linux to resolve this issue.
Issue 5: A vulnerability exists in the ServerProtect for
Linux 3.0 "splxhttpd" binary file containing
OpenSSL 0.9.8i. Remote attackers can exploit this
vulnerability and use malformed records in a HTTPS
connection with ServerProtect for Linux to cause
ServerProtect for Linux to stop unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: The OpenSSL module in "splxhttpd" has been upgraded to
resolve this issue.
8.4 Patch 4
=====================================================================
8.4.1 Enhancements
=====================================================================
The following enhancements are included in this release:
Enhancement 1: KHM Source Code - The KHM source code has been
updated. Refer to the following website for more
information about the latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Apache Server - The Apache server and the OpenSSL
module in the Apache server have been updated.
8.4.2 Resolved Known Issues
=====================================================================
The following known issues are resolved in this release:
Issue 1: ServerProtect for Linux sends the last VSAPI and virus
pattern update time to Control Manager in the GMT time
zone. This prevents Control Manager from displaying the
update time in local time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Hotfix 1318] ServerProtect for Linux now sends Control Manager the
last VSAPI and virus pattern update time in local
time.
Issue 2: During manual scans, ServerProtect for Linux displays
"ERROR" and "-1" scanned files on the Web page if the
total number of files for scanning has not been updated
in a long time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hotfix 1321] This issue has been resolved.
Issue 3: Under certain conditions, when the ServerProtect for
Linux real-time scan detects a virus in a compressed
file, the virus/spyware log for the compressed file does
not display a virus name and action result.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hotfix 1322] The virus/spyware logs now display the correct virus
name and action result.
Issue 4: Error logs appear in "/var/log/messages" when some
hidden keys introduced in Patch 3 are not configured.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Hotfix 1340] Error logs now appear in "/var/log/messages" only when
the debug log level is set to "5".
Issue 5: ServerProtect for Linux uses an older version of the
VSAPI engine on the Red Hat Enterprise Linux 6 platform.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: ServerProtect for Linux now uses the latest VSAPI engine
for the Red Hat Enterprise Linux 6 platform.
8.5 Patch 5
=====================================================================
8.5.1 Enhancements
=====================================================================
The following enhancements are included in this release:
Enhancement 1: KHM Source Code - KHM source code has been updated to
version 3.0.1.0010. Refer to the following website
for more information about the latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Apache Server - The Apache server has been upgraded
to version 2.2.25, and the OpenSSL module in the
Apache server to version 1.0.1e.
Enhancement 3: ActiveUpdate Module - The ActiveUpdate (AU) module
has been upgraded to version 2.85 and the following
three folders:
- "/opt/TrendMicro/SProtectLinux/AU_Cache"
- "/opt/TrendMicro/SProtectLinux/AU_Temp"
- "/opt/TrendMicro/SProtectLinux/AU_Log"
have been moved to:
- "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Cache"
- "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Temp"
- "/opt/TrendMicro/SProtectLinux/AU_Data/AU_Log"
8.5.2 Resolved Known Issues
=====================================================================
The following known issues are resolved in this release:
Issue 1: ServerProtect for Linux sends a notification for an
outdated pattern file even when the pattern file is
up-to-date.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Hotfix 1358] The way ServerProtect for Linux determines whether a
pattern file is up-to-date or not has been enhanced to
ensure that ServerProtect for Linux sends out an
outdated pattern file notification only when a pattern
file is outdated.
Issue 2: Users do not receive any notifications after
ServerProtect for Linux disables the Real-time Scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hotfix 1359] An option has been added to ensure that users receive
notifications even after ServerProtect for Linux
disables the Real-time Scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 2: To enable this feature:
a. Stop ServerProtect for Linux.
b. Open the "tmsplx.xml" file under the
"/opt/TrendMicro/SProtectLinux/" folder.
c. Locate the "AlertRealtimeScanStatus" key under the
"Scan" section and set it to the following:
d. Save the changes and close the "tmsplx.xml" file.
e. Start ServerProtect for Linux.
Issue 3: When users choose to update multiple components and one
or more components, but not all, update successfully,
the last update time of all selected components will be
updated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hotfix 1363] Now, only the last update times of successfully updated
components are changed in this case.
Issue 4: Control Manager does not support the display of any
information about the new engine for the Common Internet
File System (CIFS) in ServerProtect for Linux.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Critical Patch 1366] Control Manager now displays the necessary
information about the new engine for CIFS in
ServerProtect for Linux.
Issue 5: The warning message that appears during an update to
warn users that the product license has expired contains
a typographical error. In the message, "perion" was used
instead of "period".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5:
[Hotfix 1371] The typographical error in the notification has been
corrected.
Issue 6: The cron job setting is not updated with all the rest of
the ServerProtect for Linux settings during
configuration replication from one computer to another
through the Control Manager console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6:
[Hotfix 1372] The cron job setting is now always updated with the
rest of the ServerProtect for Linux settings during
configuration replication from one computer to another
through the Control Manager console.
Issue 7: By default, Scheduled Scan and Manual Scan modify the
last access time of files after scans.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7:
[Hotfix 1383] An option has been added to prevent Scheduled Scan and
Manual Scan from modifying a file's last access time if
the file is not infected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 7: To enable this feature:
a. Stop ServerProtect for Linux.
b. Open the "tmsplx.xml" file.
c. Locate the "DisableAtimeNoChange" key under the
"Scan" section and set it to the following:
d. Save the changes and close the file.
f. Start ServerProtect for Linux.
Issue 8: During a scheduled update, ServerProtect for Linux may
use the wrong working directory when it tries to update
again. This triggers a "PATCH_ERROR" message in
"TmuDump.txt".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: ServerProtect for Linux now always uses the correct
working directory during scheduled updates.
8.6 Patch 6
=====================================================================
8.6.1 Enhancements
=====================================================================
The following enhancements are included in this release:
Enhancement 1: Kernel Hooking Module Source Code - KHM source code
has been updated to version 3.0.1.0013. Refer to
the following website for more information about the
latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Apache(TM) Server - The Apache server has been
upgraded to version 2.2.29, and the OpenSSL module
in the Apache server to version 1.0.1m.
Enhancement 3: Common Log Module - The Common Log Module has been
upgraded to version 1.1.1.1177 to support leap seconds.
Enhancement 4: World Virus Tracking Program - The World Virus
Tracking feature has been removed from ServerProtect
for Linux 3.0 because Trend Micro's World Virus
Tracking Center is no longer available. The following
configuration items in the tmsplx.xml file are out of
date:
Enhancement 5: TMNotify Module - The TMNotify module has been
upgraded to version 1.3.0.1075 to use different OID to
send SNMP trap messages. The following mib file will
be added to ServerProtect for Linux:
"/opt/TrendMicro/SProtectLinux/SPLX.MIB"
Note: If the SNMP manager uses a version of the
mib file that is older than the one specified
above, you should replace the old version with
the file above.
Enhancement 6: License Deployment Feature - The CMAgent SDK has been
upgraded to version 5.0.0.2165 to support license
deployment from Control Manager. You can now deploy a
new Activation Code or renew an existing Activation
Code from Control Manager.
Enhancement 7: Fixed Web UI Security Vulnerabilities - All the high
and medium Web console security vulnerabilities
found by Nessus, Acunetix Web Vulnerability Scanner,
and IBM Rational AppScan have been fixed.
Enhancement 8: HTTP Redirect - HTTP is not a safe protocol. This
enhancement enables ServerProtect to switch from HTTP
to HTTPS.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 8: To enable HTTP access:
a. Open the "splxhttpd.conf" file in the
"/opt/TrendMicro/SProtectLinux/SPLX.httpd/conf"
folder.
b. Comment out the following four lines:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#RewriteEngine on
#RewriteCond %{HTTPS} !=on
#RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [C]
#RewriteRule //(.*): https://$1:14943/ [R=301,L]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
c. Save the changes and close the file.
d. Restart the splxhttpd service using the following
command:
service splxhttpd restart
8.6.2 Resolved Known Issues
=====================================================================
The following known issues are resolved in this release:
Issue 1: The Java applet component of ServerProtect for
Linux 3.0 is blocked after users update the Java Runtime
Environment (JRE) module to 7u51.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Critical Patch 1403] The Java applet component of ServerProtect for
Linux 3.0 has been rebuilt according to Oracle's notes
at the following website:
https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias
Issue 2: On some platform versions of Linux, the AU module may
not be able to merge pattern files or may stop
unexpectedly during an update while using up a large
amount of CPU resources.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hotfix AU 2.85 1086] A memory management function in RTPatch
("libpatch.so") has been updated to ensure that AU can
merge pattern files and perform updates successfully.
Issue 3: ServerProtect for Linux 3.0 may not be able to send the
correct operating system language information to
Control Manager when it is installed on the Red Hat 6 or
CentOS 6 platform.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hotfix 1421] ServerProtect for Linux 3.0 now sends the correct
operating system information to Control Manager.
Issue 4: Sometimes, the "Some errors were found while stopping
the splx kernel module." message appears while
ServerProtect for Linux 3.0 closes because the
ServerProtect script does not wait long enough for the
kernel module to finish unloading.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Hotfix 1425] The ServerProtect script now gives the kernel module
more time to unload while ServerProtect for Linux 3.0
closes. This helps prevent the error message from
appearing.
Issue 5: ServerProtect for Linux 3.0 converts file names in virus
logs to "UCS-4" before sending these logs to
Control Manager. Sometimes, ServerProtect for Linux
3.0 encounters an exception error while converting file
names that are not in "UTF-8" format, which can trigger
the process "entity" to stop unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5:
[Hotfix 1428] ServerProtect for Linux 3.0 can now catch the
exception, then convert the file name to "ASCII" and
replace non-ASCII characters with question marks.
ServerProtect for Linux 3.0 then converts the "ASCII"
file name to "UCS-4".
Issue 6: Sometimes, ServerProtect for Linux 3.0 cannot open a
file during a manual scan or scheduled scan. This
triggers an error that can cause the scan to take
an unusually long time to complete.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6:
[Hotfix 1431] ServerProtect for Linux 3.0 can now correctly handle
the error so that a manual or scheduled scan runs
normally when ServerProtect for Linux 3.0 fails to open
a file during the scan.
Issue 7: ServerProtect for Linux 3.0 does not accept public
IP addresses or public domain names, but these appear as
examples on the SMTP settings page of the Web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7:
[Hotfix 1436] The public IP addresses and public domain names have
been deleted from the SMTP settings page.
Issue 8: Sometimes, ServerProtect for Linux stops unexpectedly
when ServerProtect for Linux tries to erase a cookie
or tries to get the string value from the configuration
file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: This known issue has been resolved.
Issue 9: Sometimes, logs may be deleted unexpectedly after users
change the log directory even when the logs are not
older than the number of days specified in "MaxLogDay".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: ServerProtect for Linux now deletes only logs that are
older than the number of days specified in "MaxLogDay".
Issue 10: Sometimes, if ServerProtect for Linux accesses
Control Manager through a secure protocol using a
proxy, it may not be able to connect to Control Manager
through Single Sign-On (SSO).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: ServerProtect for Linux can now connect to Control
Manager through SSO under the scenario above.
Issue 11: Sometimes, if the permission for the
"SSO_PKI_PublicKey.pem" file generated by ServerProtect
for Linux is incorrect, it may not be able to connect
to Control Manager through SSO.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: ServerProtect for Linux can now connect to Control
Manager through SSO under the scenario above.
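The fallback described for Issue 5 above (Hotfix 1428), as an added C example that is not Trend Micro's code: a strict UTF-8 to UCS-4 decoder, with the ASCII-and-question-mark path taken only when decoding fails. The function names and the sample file names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ERR_MALFORMED (-1L)  /* input is not valid UTF-8 */
#define ERR_NOSPACE   (-2L)  /* output buffer too small */

/* Strict UTF-8 -> UCS-4. Returns the code-point count or a negative error.
 * Rejects truncated sequences, overlong forms, surrogates and values
 * above U+10FFFF instead of reading past the end or emitting garbage. */
static long utf8_to_ucs4(const unsigned char *s, size_t n,
                         uint32_t *out, size_t cap)
{
    size_t i = 0, o = 0;
    while (i < n) {
        unsigned char b = s[i];
        uint32_t cp, min;
        size_t extra;

        if (b < 0x80)                { cp = b;        extra = 0; min = 0; }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; extra = 1; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; extra = 2; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; extra = 3; min = 0x10000; }
        else return ERR_MALFORMED;        /* stray continuation or bad lead byte */

        if (extra > n - i - 1) return ERR_MALFORMED;    /* truncated sequence */
        for (size_t k = 1; k <= extra; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return ERR_MALFORMED;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return ERR_MALFORMED;         /* overlong, out of range, surrogate */
        if (o == cap) return ERR_NOSPACE;
        out[o++] = cp;
        i += extra + 1;
    }
    return (long)o;
}

/* Convert a file name for a log record. A malformed name does not abort the
 * caller: every byte >= 0x80 becomes '?' and the result is widened to UCS-4.
 * *lossy reports whether that fallback was taken. */
long filename_to_ucs4(const char *name, uint32_t *out, size_t cap, int *lossy)
{
    const unsigned char *s = (const unsigned char *)name;
    size_t n = strlen(name);
    long r = utf8_to_ucs4(s, n, out, cap);

    *lossy = 0;
    if (r != ERR_MALFORMED) return r;     /* decoded, or buffer too small */
    if (n > cap) return ERR_NOSPACE;
    for (size_t i = 0; i < n; i++)
        out[i] = s[i] < 0x80 ? s[i] : (uint32_t)'?';
    *lossy = 1;
    return (long)n;
}

int main(void)
{
    /* Constructed sample names: valid UTF-8, Latin-1 bytes, overlong "/". */
    const char *names[] = { "r\xC3\xA9sum\xC3\xA9.doc", "r\xE9sum\xE9.doc", "\xC0\xAF" };
    uint32_t buf[64];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int lossy;
        long n = filename_to_ucs4(names[i], buf, 64, &lossy);
        printf("name %zu: %ld code points, fallback=%d\n", i, n, lossy);
    }
    return 0;
}
```

The lossy flag lets the caller record that the logged name is not the name on disk, which matters when the log is later used to locate the file.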
8.7 Patch 7
=====================================================================
8.7.1 Enhancements
=====================================================================
The following enhancements are included in this release:
Enhancement 1: Kernel Hooking Module Source Code - The Kernel Hooking
Module (KHM) source code has been updated to version
3.0.1.0016. Refer to the following website for more
information about the latest KHM source code:
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#undefined
Enhancement 2: Apache(TM) Server - The Apache server has been updated
to version 2.2.31, and the OpenSSL module in the
Apache server to version 1.0.2j.
Enhancement 3: Control Manager Agent SDK – The CMAgent SDK of
32-bit ServerProtect has been upgraded to version
5.0.0.2188 and the CMAgent SDK of 64-bit ServerProtect
to version 5.0.0.2179.
Enhancement 4: Web Server Certificate - A new certificate has been
generated with SHA 256 signature algorithm.
Enhancement 5: Encryption Components - The JAVA Applet Encryption
components of the web console have been replaced with
the AES 256 encryption algorithm of Crypto-JS. The
passwords of the email account, proxy account, and
Control Manager registration account will be encrypted
using AES 256 encryption algorithm.
Enhancement 6: Logon Protection - ServerProtect now automatically
locks an account for 30 minutes if the user fails to
type the correct logon password five times within
15 minutes.
Enhancement 7: Password Management – New passwords must now be a
combination of at least three types of the following:
uppercase letters, lowercase letters, numbers and
special characters. None of the ten most recent
passwords can be reused.
Enhancement 8: TMNotify Module – The TMNotify module has been updated
to version 1.3.0.1077 to ensure that it sends email
notifications using the correct time zones.
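The lockout rule in Enhancement 6, written out as an added C example (not ServerProtect's implementation): five failures inside a sliding 15-minute window lock the account for 30 minutes. The type and function names are hypothetical, and clearing the failure history on a successful logon is an assumption the README does not state.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_FAILURES 5            /* failed logons that trigger a lock */
#define WINDOW_SECS  (15 * 60)    /* ...when they fall within 15 minutes */
#define LOCKOUT_SECS (30 * 60)    /* lock duration: 30 minutes */

enum logon_result { LOGON_OK, LOGON_BAD_PASSWORD, LOGON_LOCKED };

/* Per-account state. Zero-initialise before first use. */
struct logon_state {
    time_t failures[MAX_FAILURES]; /* ring buffer of the latest failure times */
    int    count;                  /* entries in use, at most MAX_FAILURES */
    int    next;                   /* slot the next failure is written to */
    time_t locked_until;           /* lock expiry, 0 if not locked */
};

enum logon_result logon_attempt(struct logon_state *st, int password_ok,
                                time_t now)
{
    /* While the lock is active even a correct password is refused, so
     * guessing during the lock period gains nothing. */
    if (now < st->locked_until)
        return LOGON_LOCKED;

    if (password_ok) {
        memset(st, 0, sizeof *st);     /* assumption: success clears history */
        return LOGON_OK;
    }

    st->failures[st->next] = now;
    st->next = (st->next + 1) % MAX_FAILURES;
    if (st->count < MAX_FAILURES)
        st->count++;

    /* Once the ring is full, st->next indexes the oldest of the last five
     * failures. If that one is still inside the window, all five are. */
    if (st->count == MAX_FAILURES &&
        now - st->failures[st->next] <= WINDOW_SECS) {
        memset(st, 0, sizeof *st);
        st->locked_until = now + LOCKOUT_SECS;
        return LOGON_LOCKED;
    }
    return LOGON_BAD_PASSWORD;
}

int main(void)
{
    /* Constructed sequence: one failed logon per minute from a fixed start. */
    struct logon_state acct = {0};
    time_t start = 1000000;

    for (int i = 0; i < 6; i++) {
        enum logon_result r = logon_attempt(&acct, 0, start + i * 60);
        printf("attempt %d at +%ds -> %s\n", i + 1, i * 60,
               r == LOGON_LOCKED ? "locked" : "bad password");
    }
    return 0;
}
```

Keeping timestamps rather than a bare counter is what makes the window slide: four old failures followed by one new failure an hour later do not lock the account.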
8.7.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:
Issue 1: The Linux system stops responding when ServerProtect
for Linux 3.0 stops unexpectedly due to deadlock issues
in the kernel space.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
[Hotfix 1062/1464] The Linux system now runs normally when
ServerProtect for Linux 3.0 stops unexpectedly.
Issue 2: Sometimes, the strtok function triggers ServerProtect
for Linux 3.0 to stop unexpectedly. This occurs because
this function is not thread-safe.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
[Hotfix 1063/1464] This issue has been resolved by enabling
ServerProtect for Linux 3.0 to switch to a thread-safe
function.
Issue 3: When the manual scan and scheduled scan processes detect
a virus, ServerProtect for Linux sends a Simple Network
Management Protocol (SNMP) message with the
"tpNormalEvent" type. This is the same message type used
for unsuccessful pattern file updates.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
[Hotfix 1063/1465] ServerProtect for Linux now sends a "tpVirusEvent"
message when the manual scan and scheduled scan
processes detect a virus, and sends a "tpUpdateEvent"
message for unsuccessful pattern file updates.
Issue 4: ServerProtect for Linux 3.0 converts file names in virus
logs to "UCS-4" before sending these logs to Control
Manager. Sometimes, ServerProtect for Linux 3.0
encounters an exception error that can trigger the
process "entity" to stop unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
[Hotfix 1063/1466] ServerProtect for Linux 3.0 can now catch the
exception.
Issue 5: When Real-Time Scan is enabled in ServerProtect for
Linux, the operating system (OS) may stop responding
when accessing files in a shared folder through a
mounted network drive (NFS).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5:
[Hotfix 1063/1467] The operating system can now access files in a
shared folder through a mounted network drive when
Real-Time scan is enabled.
Issue 6: ServerProtect for Linux 3.0 may not be able to verify
the certificate of the AU Server. When this happens, it
cannot update pattern and engine files with AU.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6:
[Hotfix 1478] The AU module has been updated to enable it to verify
the certificate of the AU Server successfully.
Issue 7: The "viewlog.cgi" file in ServerProtect for Linux 3.0 is
affected by an XSS vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7:
[Critical Patch 1064/1473] The XSS vulnerability has been resolved
by adding a checking mechanism to ensure that the data
for the HTTP GET/POST method is in the correct format.
Issue 8: The "vsapiapp" process of ServerProtect for Linux 3.0
may stop unexpectedly while calling the "pthread_kill"
API on a thread that has already exited.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8:
[Hotfix 1067/1485] The "vsapiapp" process now calls the
"pthread_kill" API using an active thread.
Issue 9: ServerProtect is affected by CVE-2016-5387: The Apache
Server does not protect applications from the presence
of untrusted client data in the HTTP_PROXY environment
variable, which might allow remote attackers to redirect
an application's outbound HTTP traffic to an arbitrary
proxy server using a crafted proxy header in an HTTP
request, aka an "httpoxy" issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: The Apache Server now ignores the "Proxy" HTTP header,
because this header is not used in ServerProtect.
Issue 10: ServerProtect is affected by CVE-2016-2183: The DES and
Triple DES ciphers, as used in the TLS, SSH, and IPSec
protocols and other protocols and products, have a
birthday bound of approximately four billion blocks,
which makes it easier for remote attackers to obtain
cleartext data through a birthday attack against a
long-duration encrypted session, as demonstrated by an
HTTPS session using Triple DES in CBC mode, aka a
"Sweet32" attack.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: The DES and Triple DES ciphers of the Apache Server have
been disabled.
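Why Issue 2 above (Hotfix 1063/1464) occurs, as an added C example that is not ServerProtect's code: strtok() keeps one hidden cursor for the whole process, so a second tokenization overwrites it, whether it runs in another thread or, as reproduced deterministically here, is nested in the same thread. The README does not name the replacement function; POSIX strtok_r() is assumed, and the function names and input string are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Count "key=value" pairs in a ';'-separated list.
 * BEFORE: both levels use strtok(). The inner calls move the single hidden
 * cursor to the end of the first pair, so the outer loop finds no further
 * tokens and stops after one pair. A second thread calling strtok() has the
 * same effect on this loop, except that the cursor then points into the
 * other thread's buffer, which may already be gone. */
int count_pairs_strtok(const char *list)
{
    char buf[128];
    int pairs = 0;

    snprintf(buf, sizeof buf, "%s", list);
    for (char *pair = strtok(buf, ";"); pair; pair = strtok(NULL, ";")) {
        char *key = strtok(pair, "=");
        char *val = strtok(NULL, "=");
        if (key && val)
            pairs++;
    }
    return pairs;
}

/* AFTER: strtok_r() stores each cursor in a caller-owned variable, so the
 * outer and inner tokenizations (or two threads) cannot disturb each other. */
int count_pairs_strtok_r(const char *list)
{
    char buf[128];
    char *outer = NULL, *inner = NULL;
    int pairs = 0;

    snprintf(buf, sizeof buf, "%s", list);
    for (char *pair = strtok_r(buf, ";", &outer); pair;
         pair = strtok_r(NULL, ";", &outer)) {
        char *key = strtok_r(pair, "=", &inner);
        char *val = strtok_r(NULL, "=", &inner);
        if (key && val)
            pairs++;
    }
    return pairs;
}

int main(void)
{
    const char *sample = "a=1;b=2;c=3";   /* constructed input */

    printf("strtok:   %d pairs\n", count_pairs_strtok(sample));
    printf("strtok_r: %d pairs\n", count_pairs_strtok_r(sample));
    return 0;
}
```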
9. Files Included in this Release
========================================================================
---------------------------------------------------------------------
Filename Build No.
---------------------------------------------------------------------
For both 32-bit and 64-bit ServerProtect:
splx 3.0.1575
splxcore 3.0.1575
splxhttpd 3.0.1575
splx.service 3.0.1575
splxcore.service 3.0.1575
splxhttpd.service 3.0.1575
vsapiapp 3.0.1575
splxmain 3.0.1575
SetTMDefaultExt 3.0.1575
splx_manual_scan 3.0.1575
splx_schedule_scan 3.0.1575
virus_type_finder 3.0.1575
entity 3.0.1575
libi18n.so.1 1.1.1.1177
liblogmgt.so.1 1.1.1.1177
liblogrdr.so.1 1.1.1.1177
liblogshr.so.1 1.1.1.1177
liblogwtr.so.1 1.1.1.1177
liblowlib.so.1 1.1.1.1177
libTMNotifymt.so.1 1.3.0.1078
libsplxcommon.so 3.0.1575
libsplxcxml.so 3.0.1575
libProductLibrary.so 3.0.1575
DiagnosticTool 3.0.1575
CMconfig 3.0.1575
EncryptAgentPassword 3.0.1575
splxcomp 3.0.1575
splxport 3.0.1575
upcfg 3.0.1575
xmlvalidator 3.0.1575
checkBrowser.sh 3.0.1575
splxhttpd.conf 3.0.1575
libapr-1.so.0.6.3 3.0.1575
libaprutil-1.so.0.6.1 3.0.1575
libexpat.so.1.6.7 3.0.1575
splxhttpd 3.0.1575
server.crt 3.0.1575
server.key 3.0.1575
splxmain.8.gz 3.0.1575
tmsplx.xml.5.gz 3.0.1575
cmoption.cgi 3.0.1575
log_management.cgi 3.0.1575
login_and_register.cgi 3.0.1575
notification.cgi 3.0.1575
proption.cgi 3.0.1575
scanoption.cgi 3.0.1575
scanoption_set.cgi 3.0.1575
showpage.cgi 3.0.1575
srv_admin.cgi 3.0.1575
summary.cgi 3.0.1575
tmcm_sso.cgi 3.0.1575
viewlog.cgi 3.0.1575
summary.htm 3.0.1575
Specifying_the_Download_Source.htm 3.0.1575
Alerts.htm 3.0.1575
charset.htm 3.0.1575
Recipients.htm 3.0.1575
cmsettings_no_reg.htm 3.0.1575
cmsettings_reged.htm 3.0.1575
password.htm 3.0.1575
proxy_settings.htm 3.0.1575
proxy_settings_update.htm 3.0.1575
menu_1.htm 3.0.1575
loginpage_registered_splx.htm 3.0.1575
logoff_splx.htm 3.0.1575
backup_directory.htm 3.0.1575
customer_register.htm 3.0.1575
quarantine_directory.htm 3.0.1575
registration.htm 3.0.1575
pr_activate.htm 3.0.1575
pr_activate_rej.htm 3.0.1575
pr_licenseinfo_no_ac.htm 3.0.1575
pr_licenseinfo_full_ac_end.htm 3.0.1575
pr_licenseinfo_full_ac.htm 3.0.1575
pr_licenseinfo_full_ac_progress.htm 3.0.1575
setting_on.htm 3.0.1575
banner.htm 3.0.1575
banner_cm.htm 3.0.1575
password_wrong.htm 3.0.1575
TmCube_Common.js 3.0.1575
client_cfg.js 3.0.1575
calendar.js 3.0.1575
Update_Scheduled.htm 3.0.1575
update_progress.htm 3.0.1575
Update_Manual.htm 3.0.1575
update_fail.htm 3.0.1575
Scheduled.htm 3.0.1575
scan_progress0.htm 3.0.1575
scan_progress2.htm 3.0.1575
scan_progress.htm 3.0.1575
Real-time.htm 3.0.1575
Manual.htm 3.0.1575
Response_success.htm 3.0.1575
virus_logs.htm 3.0.1575
system_logs.htm 3.0.1575
spyware_logs.htm 3.0.1575
scan_logs.htm 3.0.1575
purge_now.htm 3.0.1575
logs_on_disk.htm 3.0.1575
log_directory.htm 3.0.1575
log_directory_response 3.0.1575
exclusion_scheduled.htm 3.0.1575
exclusion_real.htm 3.0.1575
exclusion_manual.htm 3.0.1575
exclusion_manual_response.htm 3.0.1575
exclusion_real_response.htm 3.0.1575
localization.js 3.0.1575
script1.js 3.0.1575
script_splx.js 3.0.1575
Manual.htm 3.0.1575
TMBIF 3.0.1575
SPLX.MIB 3.0.1575
Agent.ini.template 3.0.1575
Product.ini.template 3.0.1575
help 3.0.1575
CryptoJS 3.0.1575
AuPatch 3.0.1551
libpatch.so 3.0.1551
libtmactupdate.so 3.0.1551
cert5.db n/a
x500.db n/a
SPLX_CM_UI.zip n/a
For 32-bit ServerProtect:
cgiCmdNotify 5.0.0.2188
libProductLibrary.so 5.0.0.2188
libEn_Utility.so.1.0.0 5.0.0.2188
libSSO_PKIHelper.so.1.0.0 5.0.0.2188
libTrendAprWrapper.so.1.0.0 5.0.0.2188
libapr-1.so.0.1.1 5.0.0.2188
libcrypto.so.1.0.0 5.0.0.2188
libcurl.so.4.0.0 5.0.0.2188
libssl.so.1.0.0 5.0.0.2188
For 64-bit ServerProtect:
cgiCmdNotify 5.0.0.2179
libProductLibrary.so 5.0.0.2179
libEn_Utility.so.1.0.0 5.0.0.2179
libSSO_PKIHelper.so.1.0.0 5.0.0.2179
libTrendAprWrapper.so.1.0.0 5.0.0.2179
libapr-1.so.0.1.1 5.0.0.2179
libcrypto.so.1.0.0 5.0.0.2179
libcurl.so.4.0.0 5.0.0.2179
libssl.so.1.0.0 5.0.0.2179
10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, you must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website
to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
NOTE: This information is subject to change without notice.
11. About Trend Micro
========================================================================
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.
Copyright 2018, Trend Micro Incorporated. All rights reserved.
Trend Micro, Smart Protection Network, ServerProtect, Control
Manager, and the t-ball logo are trademarks of Trend Micro
Incorporated and are registered in some jurisdictions. All other
marks are the trademarks or registered trademarks of their
respective companies.
12. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
http://www.trendmicro.com/us/about-us/legal-policies/license-agreements
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide