<<<>>>
Trend Micro Incorporated                                       April 4th, 2018
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Email Inspector 3.0 - Patch 1
English - Linux - 64 Bits
Critical Patch Build 1254
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
==============================================================================
1. Critical Patch Release Information
   1.1 Resolved Known Issues
   1.2 Enhancements
2. Documentation Set
3. System Requirements
4. Installation/Uninstallation
   4.1 Installing
   4.2 Uninstalling
5. Post-installation Configuration
6. Known Issues
7. Release History
   7.1 Prior Hotfixes
8. Contact Information
9. About Trend Micro
10. License Agreement
==============================================================================

1. Critical Patch Release Information
==============================================================================

1.1 Resolved Known Issues
============================================================================
This Critical Patch resolves the following issue(s):

Issue: A memory leak issue related to the CMagent process prevents the
scanner service from restarting.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix resolves the memory leak issue so that the scanner
service can restart normally.

1.2 Enhancements
============================================================================
The following enhancements are included in this Critical Patch:

Enhancement: This hotfix improves the scanner service restart procedure.

2. Documentation Set
==============================================================================
To download or view electronic versions of the documentation set for this
product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and key
  concepts, and information on configuring and maintaining the product.
  To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains information on
  requirements and procedures for installing and deploying the product.

- Administrator's Guide (AG): The Administrator's Guide contains an overview
  of features and key concepts, and information on configuring and
  maintaining the product.

- Getting Started Guide (GSG): The Getting Started Guide contains a product
  overview, installation planning, installation and configuration
  instructions, and basic information intended to get the product
  'up and running'.

- Support Portal: The Support Portal contains information on troubleshooting
  and resolving known issues.

- To access the Support Portal, go to http://esupport.trendmicro.com

3. System Requirements
==============================================================================
1. Trend Micro Deep Discovery Email Inspector 3.0 Patch 1 Build 1246 -
   English - Linux - x64

4. Installation/Uninstallation
==============================================================================
This section explains key steps for installing the Critical Patch.

4.1 Installing
============================================================================
To install:

1. Click "Administration > Product Updates > Hot Fixes / Patches".
   The "Install Hot Fix / Patch" screen appears.
2. Click "Browse" and select the
   "ddei_30_lx_en_criticalpatch_b1254.7z.tar" hotfix file.
3. Click "Install".
4. Verify that the hotfix has been installed successfully.
   a. Click "Administration > Product Updates > Hot Fixes / Patches".
      In the "History" table, check if the "Build" is "1254" and
      "Description" is "Hot Fix 1254".
   b. Choose the "About" option under "Help".
   c. Verify that the "Hot fix" number on the "About" page is "1254".
5. Clean the web browser cache.

NOTES:
* The program version for the device will NOT change after applying this
  hotfix.
* Deep Discovery Email Inspector 3.0 Patch 1 restarts automatically after
  installing this hotfix.

4.2 Uninstalling
============================================================================
No special uninstallation instructions are provided.

5. Post-installation Configuration
==============================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus
pattern files immediately after installing the product.

6. Known Issues
==============================================================================
Known issues in this release:

#1 Known Issue: [Reported at: DDEI 2.5.1 Service Pack 1 B1118]
**Problem:** When only the "Connect to Smart Protection for Web Reputation
Services" option is enabled on the "Administration > Scanning / Analysis >
Other Settings > Smart Protection" screen, Deep Discovery Email Inspector
does not perform connection tests for the following:
* Web Inspection Service
* Certified Safe Software Service
* Community File Reputation
**Solution:** On the "Administration > Scanning / Analysis > Other Settings >
Smart Protection" screen, either clear the "Connect to Smart Protection for
Web Reputation Services" checkbox or select both "Connect to Smart Protection
for Web Reputation Services" and "Connect to global services using Smart
Protection Server".

#2 Known Issue: [Reported at: DDEI 2.5.1 Service Pack 1 B1118]
**Problem:** If Web Reputation Service and Community File Reputation are
unreachable using IPv4 addresses in a dual-stack network, the Administration >
System Maintenance > Network Services Diagnostics screen still displays the
final resolved IPv4 addresses for these services.

#3 Known Issue: [Reported at: DDEI 2.5.1 Service Pack 1 B1118]
**Problem:** When performing sandbox analysis using a Windows 10 image that
requires higher system resources, the performance of Deep Discovery Email
Inspector may be affected.
**Solution:** Trend Micro recommends evaluating the system load capacity on
Deep Discovery Email Inspector before using a Windows 10 sandbox environment
for analysis.

#4 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Deep Discovery Email Inspector cannot receive incoming email
messages from other IPv6 subnets if the "Hosts in the same address class"
option is enabled on the "Administration > Mail Settings > Limits and
Exceptions" screen.

#5 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** After daylight savings time changes to standard time on Deep
Discovery Email Inspector, a duplicate time value appears on widgets.

#6 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** While operating in SPAN/TAP mode, Deep Discovery Email Inspector
cannot capture VLAN traffic that is encapsulated by Cisco Inter-Switch Link
(ISL) protocol.

#7 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Deep Discovery Email Inspector is unable to import Virtual
Analyzer images from an FTP server in active mode. Deep Discovery Email
Inspector security does not allow this type of connection.
**Solution:** Trend Micro recommends using FTP servers in passive mode, or
importing the Virtual Analyzer images through another method.

#8 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Deep Discovery Email Inspector cannot read the subject of email
messages in non-standard formats.
**Solution:** Trend Micro recommends only routing standard-formatted email
messages. Most mail user agents cannot read email messages in non-standard
formats.

#9 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** The time format on the following pages is not changed when
"Date and time format" on the "System Settings > Time" page is changed.
1. "Last updated" time of each widget in "Dashboard > Add Widgets"
2. "Last update" time in widget preview screenshot
3. Time in email screenshot in "Detection" details.
**Solution:**
1. The "Last updated" time of each widget: this is a limitation of the
   widget framework used in Deep Discovery Email Inspector, which cannot
   show the time in the corresponding format.
2. The "Last update" time in the widget preview screenshot cannot be changed
   because the preview screenshot is a picture.
3. The time shown in the email screenshot is created by the third-party
   email client. Its format depends on the locale, not on the user-defined
   time format.

#10 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** If an email contains more than 60 URLs, some risky URLs may not
be rewritten as links that redirect to a blocking or warning page, even if
the same URLs have been rewritten.
**Solution:** By default, Deep Discovery Email Inspector extracts at most 60
URLs from an email for scanning. Scanned URLs that are found to be risky are
rewritten as links that redirect to a blocking or warning page. If the number
of URLs in the email exceeds 60, some of the URLs are not rewritten because
Deep Discovery Email Inspector did not extract them.

#11 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** In Deep Discovery Email Inspector 2.5, submission filters were
changed to allow the user to select the specific file type groups to be
analyzed. After upgrading from Deep Discovery Email Inspector 2.1, the file
type group that includes the file types selected in Version 2.1 is
automatically selected for analysis. As a result, the other file types that
belong to that file type group are also selected for analysis.
**Solution:** Re-configure "Submission Filters" in the "Administration >
Scanning / Analysis > Virtual Analyzer > Settings" page to select the
necessary file type groups.

#12 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Deep Discovery Email Inspector cannot scan password-protected
Office PowerPoint 2003 files.
**Solution:** The encryption of Office PowerPoint 2003 files is different
from later versions, and this format cannot be decrypted.

#13 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** If the user enables "Connect to Smart Protection Server for Web
Reputation Services" in the "Administration > Scanning / Analysis > Other
Settings > Smart Protection" page, the internal Virtual Analyzer will not run
the URL block reason query, Census query or the Certified Safe Software
Service query. Additionally, it will not provide Smart Feedback.
**Solution:** This is the configuration of the internal Virtual Analyzer. The
user can either disable "Connect to Smart Protection for Web Reputation
Services" in the "Administration > Scanning / Analysis > Other Settings >
Smart Protection" page or enable both "Connect to Smart Protection Server for
Web Reputation Services" and "Connect to global services using Smart
Protection Server" in the "Administration > Scanning / Analysis > Other
Settings > Smart Protection" page.

#14 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** When integrated with Deep Discovery Analyzer, the final risk
level of a malicious URL in Deep Discovery Email Inspector differs from the
risk level in Deep Discovery Analyzer.
**Solution:** Deep Discovery Analyzer can support several different products
with varying risk levels, so for Deep Discovery Email Inspector, the risk
level for malicious URLs returned by Virtual Analyzer (whether internal
Virtual Analyzer or Deep Discovery Analyzer) will be downgraded one level.

#15 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** After upgrading from Deep Discovery Email Inspector 2.1 to 2.5,
the web console cannot be redirected to the login page automatically.
Additionally, the certificate of Deep Discovery Email Inspector will be
changed, therefore the user needs to confirm and accept the new certificate.
**Solution:** Re-open the Deep Discovery Email Inspector web console and log
in again.

#16 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** When the same email attachment appears under a different file
name, the analysis reports for the two attachments have the same file name
after analysis by Deep Discovery Analyzer.
**Solution:** Under its current specification, Deep Discovery Analyzer
returns the cached analysis result for the same files or URLs to Deep
Discovery Email Inspector.

#17 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Under Microsoft Edge and IE10, there will be two delete icons at
the end of the "Search" box in the "Dashboard > Add Widgets" page.
**Solution:** Microsoft IE10 and Edge will create a delete icon for the
"Search" box by default. However, Widget Framework has already created
another delete icon.

#18 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Under the current specifications of Deep Discovery Email
Inspector, Single-Sign-On from Control Manager is not supported under the
HTTP protocol.
**Solution:** Log into the Control Manager web console using HTTPS protocol.

#19 Known Issue: [Reported at: DDEI 2.6.0 GM B1298]
When Deep Discovery Email Inspector connects to a proxy server that supports
multiple HTTP authentication methods, some services (except ActiveUpdate and
product license registration) may not function properly. On the Network
Services Diagnostics screen, the service status becomes Unsuccessful.

#20 Known Issue: [Reported at: DDEI 2.6.0 GM B1298]
When a message contains more than one suspicious file attachment with the
same SHA1 value, the Detections screen displays only one entry for the
multiple file attachments.

#21 Known Issue: [Reported at: DDEI 2.6.0 GM B1298]
If the default gateway is configured on a network interface other than eth0
using CLISH, the web console does not display the current default gateway and
DNS settings.

7. Release History
==============================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download

7.1 Prior Hotfixes
============================================================================
Only this hotfix was tested for this release. Prior hotfixes were tested at
the time of their release.

[Hotfix 1253]

Issue: Deep Discovery Email Inspector may not be able to extract URLs from
specific PDF files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix improves the URL extraction module to support this kind
of PDF file.

Enhancement 1: This hotfix improves the performance of the password analyzer
in Deep Discovery Email Inspector.

Enhancement 2: This hotfix enhances the CDT module to collect more
system-level information.

[Hotfix 1249]

Issue 1: The file extension field in the YARA Rules configuration page is
case-sensitive.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix updates the web console logic to make the file
extension field case-insensitive.

Issue 2: Deep Discovery Email Inspector cannot analyze a file from URLs when
the "Content-Type" header is empty.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix enables Deep Discovery Email Inspector to support the
analysis of files from URLs when the "Content-Type" header is empty.

8. Contact Information
==============================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1) year
from the date of purchase only. After the first year, you must renew
Maintenance on an annual basis at Trend Micro's then-current Maintenance
fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

9. About Trend Micro
==============================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security
solutions that make the world safe for businesses and consumers to exchange
digital information.

Copyright 2018, Trend Micro Incorporated. All rights reserved.
Trend Micro, Deep Discovery Email Inspector, and the t-ball logo are
trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered trademarks of
their respective companies.

10. License Agreement
==============================================================================
View information about your license agreement with Trend Micro at:
http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide