<> Trend Micro Incorporated January 31, 2019 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Messaging Security Virtual Appliance 9.1 Patch 3 - Build 1960 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About InterScan Messaging Security Virtual Appliance 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About InterScan Messaging Security Virtual Appliance ======================================================================== InterScan Messaging Security Virtual Appliance (IMSVA) integrates multi-tiered spam prevention and anti-phishing with award-winning antivirus and antispyware. Content filtering enforces compliance and prevents data leakage. This easy-to-deploy appliance is delivered on a highly scalable platform with centralized management, providing easy administration. Optimized for high performance and continuous security, the appliance provides comprehensive gateway email security. 1.1 Overview of This Release ===================================================================== This patch includes all patches and critical patches released after IMSVA 9.1 GM Build 1600. 1.2 Who Should Install This Release ===================================================================== Install this patch if you are currently running any package released before IMSVA 9.1 Patch 3 Build 1960. 2. What's New ======================================================================== NOTES: - Please install the Patch before completing any procedures in this section (see "Installation"). - If you are using Trend Micro Control Manager(TM) 6.0 to manage IMSVA 9.1, you need to install Hotfix 3425 for Control Manager 6.0 Service Pack 3 after installing this patch. - You must restart all IMSVA devices as scheduled after applying this patch. 2.1 Enhancements ===================================================================== The following enhancements are included in this patch: Enhancement 1: LDAP - When an LDAP is configured, the IMSVA policy server may need to retrieve all of the groups of each sender and recipient. If the group relationships in LDAP are complicated, it may take too long to retrieve all the information. This patch provides a way for users to configure up to which layer IMSVA should query. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To specify up to which layer IMSVA should query: 1. Install this patch (see "Installation"). 2. Connect to the IMSVA database using the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 3. Run the following SQL statement in a single line: INSERT INTO tb_global_setting VALUES ('policy_server','maxLdapGroupQueryLayer',x, 'imss.ini'); NOTE: "x" is one less than the preferred number of layers. For example, to set it to query until the second layer, set the value to "1". 4. Log off from the database server by running the following command: \q 5. Restart the policy service using the following command: /opt/trend/imss/script/S99POLICY restart WARNING: Configure this key only as needed because IMSVA may fail to retrieve parent groups once this key has been set. Enhancement 2: End User Quarantine (EUQ) - This patch enables the IMSVA EUQ console and EUQ digest notification email messages to support Polish. To send EUQ digest notifications in Polish, change the EUQ digest notification language setting in the database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To change the EUQ digest notification language setting in the database to Polish: 1. Install this patch (see "Installation"). 2. Connect to the database by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 3. Run the following command: insert into tb_global_setting values('euq', 'locale','pl','imss.ini'); NOTE: The default value is en_US. 4. Close the database connection using the following command: \q Enhancement 3: ActiveUpdate (AU) - This patch enables IMSVA to support the TLS protocol for AU updates. It also provides an option to configure IMSVA to use only TLS 1.2 for AU updates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To configure IMSVA to use only TLS 1.2 for AU updates: 1. Install this patch (see "Installation"). 2. Connect to the IMSVA database using the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 3. Run the following SQL statements to set the threshold to the preferred value: insert into tb_global_setting values('Update', 'TLS12_Only','1','imss.ini',''); 4. Log off from the database server by running the following command: \q 5. Restart the management console using the following command: /opt/trend/imss/script/S99ADMINUI restart 6. Save the changes and close the file. Enhancement 4: Domain Keys Identified Mail (DKIM) - When the domain specified in the "From" header does not match the specified domain in "d=" of the DKIM-Signature header, IMSVA 9.1 treats the email message as "DKIM verification failure" but adds "X-DKIM-Authentication-Result: dkim=pass" to the header. This patch enables users to configure IMSVA to allow these email messages to pass DKIM verification. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To configure IMSVA to allow email messages when the domain specified in the "From" header does not match the specified domain in "d=" of the DKIM-Signature header to pass DKIM verification: 1. Install this patch (see "Installation"). 2. Connect to the database by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 3. Add a hidden key in the database by running the following command: insert into tb_global_setting (section, name, value, inifile) VALUES ('dkim', 'DomainNoNeedChecked', '1', 'imss.ini'); 4. Close the database connection using the following command: \q" Enhancement 5: Even if there are multiple LDAP and KDC servers, IMSVA can only have one KDC server. This is enforced in "krb5.conf". Editing "krb5.conf" manually should allow IMSVA to use multiple KDC servers. However, the "euqutil -e" command which updates "krb5.conf" using the LDAP/KDC server information in the database is executed from scheduled tasks and starting scripts. As a result, IMSVA will still not be able to use multiple KDC servers even if you add a second KDC server to "krb5.conf". This patch allows users to configure IMSVA not to export the "krb5.conf" file by the "euqutil -e" command which enables them to manually edit the file, so IMSVA can use multiple KDC servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 5: To configure IMSVA not to export the "krb5.conf" file by the "euqutil -e" command: 1. Install this patch (see "Installation"). 2. Open the "imss.ini" file. 3. Add the following key under the "LDAP" section and set it to "yes". [LDAP] DonotUpdateKRB5CONF=yes NOTE: The default value is "no" which disables the feature. 4. Save the changes and close the file. NOTE: If you specified a second KDC server in "krb5.conf", IMSVA will use that server when the first KDC server is not working. Enhancement 6: Tomcat-connector - This patch upgrades Tomcat-connector in IMSVA. Enhancement 7: OpenSSL - This patch upgrades OpenSSL in IMSVA. Enhancement 8: Apache - This patch upgrades Apache in IMSVA. Enhancement 9: Tomcat - This patch upgrades Tomcat in IMSVA. Enhancement 10: PHP - This patch upgrades PHP in IMSVA. Enhancement 11: PCRE - This patch upgrades PCRE in IMSVA. Enhancement 12: eManager(TM) - This patch upgrades the eManager module in IMSVA. Enhancement 13: DMARC Policy - This patch adds DMARC policy information in the DMARC authentication header to aid in further analysis. Enhancement 14: Trend Micro Deep Discovery Analyzer - This patch enables IMSVA to send suspicious URLs to Deep Discovery Analyzer. NOTE: This enhancement supports only versions 6.0 and 6.1 of Deep Discovery Analyzer. Enhancement 15: Attachment Phishing - This patch enables the IMSVA Web Reputation Services (WRS) policy to automatically extract URLS from file attachments and to check the safety of each URL. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 15: To enable attachment Phishing: 1. Install this patch (see "Installation"). 2. Connect to the database by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 3. Add a hidden key in the database by running the following command: insert into tb_global_setting (section, name, value, inifile) VALUES ('wrs', 'enable_extract_att_url', 'yes', 'imss.ini'); 4. Close the database connection using the following command: \q" 5. Restart the scan service using the following command. S99IMSS restart Enhancement 16: LDAPS Enhancement - This patch enables IMSVA to encrypt its communication with the LDAP server with TLS 1.2 WARNING: To support TLS 1.2, IMSVA has upgraded its NSS with newly-introduced RSA-PSS signatures. Users using OpenLDAP with NSS may need to upgrade NSS on the LDAP server machine. Otherwise, IMSVA will not be able to connect to the LDAP server because the LDAP server will refuse to communicate with it. Enhancement 17: Patch Enhancement - This patch enables IMSVA to apply critical patches from the management console. This patch also allows IMSVA to roll back multiple patches/hotfixes/critical patches from the management console. 2.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: Email Reputation Services (ERS) stops working after the ERS server restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch updates Foxproxy to ensure that ERS works normally after the ERS server restarts. Issue 2: Split message logs are not displayed in Message Tracking Logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch updates imssd to remove duplicate UUIDs to ensure that Message Tracking Logs are generated normally. Issue 3: IMSVA 9.1 is affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch removes the vulnerabilities. Issue 4: Configuration replication fails in IMSVA servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch enables the web console to limit the keyword expression in each group to 614,400 characters. This helps ensure that configuration replication proceeds normally in IMSVA servers. Issue 5: In version 7.3 and any higher version of Red Hat(TM) Enterprise for Linux(TM), TmFoxProxy stops unexpectedly after glibc is updated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch resolves the issue by replacing the TmFoxProxy binary. Issue 6: Users cannot apply hotfixes through an external database using a Fully-Qualified Domain Name (FQDN). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch ensures that users can apply hotfixes successfully through an external database using FQDN. Issue 7: IMSVA needs to upgrade some third-party libraries, which are open to some vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch upgrades the third-party libraries to resolve these vulnerabilities. Issue 8: The imssd process stops unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch upgrades the TmMsg module to the latest version to resolve this issue. Issue 9: The system runs out of resources while IMSVA performs root cause analysis on the IMSVA queue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch upgrades the eManager module to fix this issue. Issue 10: A Veracode scan detected possible vulnerabilities in IMSVA 9.1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch resolves the vulnerabilities to improve product security. Issue 11: The IMSVA manager automatically flushes email messages to the scanner after a pattern update. However, under certain conditions, IMSVA does not flush the Postfix queue after a pattern update and when this happens, the email messages are delayed or not sent. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch ensures IMSVA always flushes the Postfix queue after a pattern update. Issue 12: The "Selector name" field in the "Administration > IMSVA Configuration > DKIM Signature" page of the IMSVA console does not allow users to specify an input name that contains a dash character "-". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch enables the field to accept input names that contain a "-". Issue 13: When users send an email message to multiple recipients, and one or more recipients are invalid, IMSVA automatically closes the TCP connection. When this happens, valid recipients do not receive the email message on time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch ensures that there are no delays for valid recipients under the scenario described above. Issue 14: The DMARC function may treat some email messages as failed in the SPF check even when these messages should pass the SPF check. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch upgrades the SPF module to ensure that email messages that pass the SPF check do not trigger the DMARC function. Issue 15: IMSVA may not be able to delete an attachment from some special email messages which should not contain any attachment according to RFC standards even when Deep Discovery Analyzer has tagged these messages as high risks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch ensures IMSVA takes the necessary actions on these email messages. If IMSVA detects only one attachment, IMSVA will remove the whole email message. And if IMSVA detects several attachments but cannot determine which one Deep Discovery Analyzer is reporting as malware, IMSVA will raise an exception. Issue 16: Some files are assigned the wrong permissions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch corrects the file permissions. Issue 17: Some minor issues have been detected in IMSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch resolves these issues. Issue 18: IMSVA may not be able to send EUQ digest notification email messages that contain at least one long email address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch ensures that IMSVA can send EUQ digest notification email messages that contain long email addresses. Issue 19: A blank sender address may be added to the EUQ approved sender list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch prevents this from happening. Issue 20: The IMSVA "Name or extension" policy may not be able to detect certain types of files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch ensures that the policy can detect files normally. Issue 21: The IMSVA foxproxy process may stop unexpectedly when users add a subnet that contains a large number of IP addresses to the approved/blocked list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch ensures that users can add subnets that contain a large number of IP addresses to the approved/blocked list. Issue 22: Currently, the IMSVA DMARC feature checks only the first signature in an email message. If there are multiple signatures, and the first signature is invalid, the DMARC policy fails even when the succeeding signatures are valid. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch enables the IMSVA DMARC feature to check multiple DKIM headers to resolve the issue. Issue 23: DMARC feedback reports use the wrong DKIM selector. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This patch ensures that the DMARC feedback reports use the correct DKIM selector. Issue 24: If IMSVA cannot connect to the ERS server during startup, the ERS feature will be disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This patch enables IMSVA to monitor the ERS server status if it was not reachable during startup. Once the ERS server recovers, IMSVA will restart TmFoxFilter to automatically enable the ERS feature. Issue 25: IMSVA always uses the HTTP protocol when querying the WRS even when the URL uses a different protocol. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This patch enables IMSVA to use the correct protocol for WRS queries. Issue 26: The "EnableScanFileNameInPasswordCompress" hidden key does not work in IMSVA 9.1 Patch 2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This patch updates the eManager module to resolve this issue. Issue 27: Users cannot renew IMSVA licenses from Trend Micro Control Manager(TM) if one of the licenses is not activated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This patch resolves the issue by enabling the license renewal procedure to skip unactivated licenses and continue to activate the rest of the licenses. Issue 28: IMSVA does not purge outdated "localservermgmt.*" log files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This patch ensures that outdated log files are purged promptly. Issue 29: When users query logs in the "Logs > Log Query > Sender filtering" page of the IMSVA web console and specify a particular IP address to check, some other unrelated IP addresses still appear in the query results. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This patch resolves the issue by adding an IP checking for DMARC related records during log queries. Issue 30: Some email messages trigger the "DLP Compliance" policy by mistake. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: This patch resolves this issue. Issue 31: The "Text Exemption Rules" feature does not work if the rule name contains wide characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This patch ensures that the "Text Exemption Rules" feature works normally. Issue 32: IMSVA daily reports show zero email messages in the "Time-of-Click Protection" section. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: This patch ensures that IMSVA retrieves the correct statistical information for the "Time-of-Click Protection" section in reports. Issue 33: IMSVA stops processing email messages unexpectedly while scanning certain types of PDF files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This patch upgrades the eManager module to resolve this issue. Issue 34: IMSVA sends the wrong user name for proxy authentication for the Smart Protection Network. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: This patch ensures that IMSVA uses the right proxy user name for the Smart Protect Network. Issue 35: The Content Filtering policy may not be able to detect and quarantine certain email messages that contain Bitcoin. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This patch upgrades the eManager module and adds two hidden keys to resolve this issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 25: To enable the "ContentFilterNormalize" and "IgnoreZeroWidthNonJoiner" keys: 1. Install this patch (see "Installation"). 2. Open the "imss.ini" file. 3. Add the following keys under the "general" section and set each to "yes". [general] EnableContentFilterNormalize=yes EnableIgnoreZeroWidthNonJoiner=yes 4. Save the changes and close the file. 5. Run the following command in the IMSVA backend: /opt/trend/imss/script/S99IMSS restart Issue 36: Users encounter high CPU usage issue when IMSVA scans certain email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: This patch upgrades the eManager module to resolve this issue. Issue 37: Under certain extreme cases, IMSVA cannot reload the new DMARC policies and as a result, the policies cannot be applied. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: This patch ensures that new DMARC policies can be reloaded and applied successfully. Issue 38: When an alternate LDAP server is registered and IMSVA cannot contact the first LDAP server during the log in process, IMSVA does not attempt to query the alternate LDAP server and users will not be able to log in. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 38: This patch ensures that IMSVA automatically queries the alternate LDAP server if it cannot connect to the first LDAP server during log in. Issue 39: Sometimes, the IMSVA root partition is filled up by ATSE temporary files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 39: This patch resolves the issue by moving the ATSE temporary folder path to the largest partition "/var/app_data", and adds an automatic purge mechanism for the folder. Issue 40: It takes a long time to send multiple email messages in one TCP connection. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 40: This patch resolves the issue. Issue 41: The system monitor thread does not monitor the health of the "smtp_conn_agent" process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 41: This patch ensures that the system monitor monitors the health of the "smtp_conn_agent" process. Issue 42: The wrong error message appears when users attempt to add an invalid email address in the anti-spam approved/blocked sender list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 42: This patch corrects the error message. Issue 43: IMSVA does not restart after users run the reboot command. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 43: This patch upgrades the upstart component to resolve the issue. Issue 44: Smart Scan queries fail if the proxy server stops unexpectedly while restarting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 44: This patch splits the "server_list" database file into four different database files in the "localservermgmt" folder to resolve this issue. Issue 45: eManager behaves abnormally when scanning base 64-encoded email samples that contain the "\n" new line character. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 45: This patch ensures the eManager can scan these email samples normally. Issue 46: The "Cloud Pre-Filter Status and Scheduled Maintenance Information" link in the "Cloud Pre-Filter" page of the IMSVA web console is unavailable. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 46: This patch removes the "Cloud Pre-Filter Status and Scheduled Maintenance Information" link from the "Cloud Pre-Filter" page. Issue 47: It takes longer to query message tracking logs from the IMSVA 9.1 console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 47: This patch ensures that users can query message tracking logs from the IMSVA 9.1 web console normally. Issue 48: After upgrading to IMSVA 9.1, a client's SNMP parser script cannot parse the SNMP trap message from IMSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 48: This patch resolves the issue by enabling users to set the SNMP trap format in IMSVA 9.1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 48: To set the SNMP trap format in IMSVA 9.1: 1. Install this patch (see "Installation"). 2. Insert a record into the IMSVA database by running the following SQL statement in a line: insert into tb_global_setting (section, name, value, inifile) values ('general', 'SNMPMultiBinding', '1', 'imss.ini') 3. Run the following command in the IMSVA backend: /opt/trend/imss/script/imssctl.sh restart Issue 49: IMSVA intermittently stops submitting objects to Deep Discovery Analyzer for sandboxing during Control Manager configuration replication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 49: This patch resolves the issue. Issue 50: The eManager module still detects certain files in password-protected ZIP files even when the files are in the approved list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 50: This patch ensures that the eManager module is not triggered by files in the approved list. Issue 51: IMSVA uses an outdated version of eManager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 51: This patch updates the eManager module in IMSVA 9.1 to the latest version. Issue 52: The IMSVA "true file type" policy may not able to detect certain files inside other files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 52: This patch upgrades the eManager module to ensure that the IMSVA "true file type" policy can detect files inside files. Issue 53: When VSAPI returns a "BAD_FILE_ERR" or "BAD_ZIP_ERR" error, the file name is not recorded in the "%FILENAME%" variable. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 53: This patch ensures that the information is stored successfully. Issue 54: Users cannot select all true file types for a policy rule on the web UI page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 54: This patch allows users to select all true file types for a policy rule on the web UI page. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining IMSVA. - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying IMSVA. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining IMSVA. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ======================================================================== Trend Micro recommends installing IMSVA 9.1 or IMSVA 9.1 Patch 1 or IMSVA 9.1 Patch 2 before installing this patch. You can download the package from: http://www.trendmicro.com/download/ 5. Installation ======================================================================== This section explains key steps for installing the patch. NOTE: You must install this patch on all computers running IMSVA if you are using distributed deployment mode. 5.1 Installing ===================================================================== To install: 1. Log on to the IMSVA management console. 2. Go to "Administration > Updates > System & Applications". 3. Select the patch package and upload it. 4. After a few minutes, check the latest uploaded package information to make sure the management console successfully uploads the patch package to IMSVA. 5. If you have set up a group of IMSVA devices, select all child devices in the "Current status" section. Otherwise, select the parent device. 6. Click "Update". 7. If a group has been set up, wait for all child devices to finish updating before selecting the parent device in the "Current status" section. Otherwise, go to step 10. 8. Click "Update". 9. Wait for a few minutes and log on to the IMSVA management console again. 10. Go to "Administration > Updates > System & Applications". 11. Ensure that the "OS version"/"Application version" values for all items in the "Current status" section matches this patch version: OS Version: 2.6.32 Application Version: 9.1.0.1960 12. If you are using Control Manager 6.0 to manage IMSVA 9.1, install Hotfix 3425 for Control Manager 6.0 Service Pack 3. Contact the Trend Micro Support group for the patch package. 13. Restart all IMSVA devices as scheduled. 5.2 Uninstalling ===================================================================== To roll back to the previous build: 1. Log on to the IMSVA management console. 2. Go to "Administration > Updates > System & Applications". 3. Under "Host Name", click the name of the device you want to view. A summary screen appears, showing the updates and related log information. 4. Click "Rollback" to remove an update. 6. Post-installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== There are no known issues for this release. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 9. Files Included in This Release ======================================================================== Filename Build No. --------------------------------------------------------------------- aucmd 9.1.0.1960 certagent 9.1.0.1960 cgiCmdNotify 9.1.0.1960 close_handle_sh 9.1.0.1960 config.lua 9.1.0.1960 c_rehash 9.1.0.1960 db_maintain 9.1.0.1960 dkim 9.1.0.1960 dkim-genkey 9.1.0.1960 dkim-genzone 9.1.0.1960 dtasagent 9.1.0.1960 euqlimpexp 9.1.0.1960 euqop 9.1.0.1960 euqutil 9.1.0.1960 forceUpdate 9.1.0.1960 foxdns 9.1.0.1960 ibe_job_doer 9.1.0.1960 ibe_job_getter 9.1.0.1960 ibe_reg 9.1.0.1960 ibes 9.1.0.1960 imp_exp 9.1.0.1960 imssausched 9.1.0.1960 imssauutil 9.1.0.1960 imsscmagent 9.1.0.1960 imssd 9.1.0.1960 imssdps 9.1.0.1960 imssdump 9.1.0.1960 imssmgr 9.1.0.1960 imssmgrmon 9.1.0.1960 imssps 9.1.0.1960 imsstasks 9.1.0.1960 IpcCleaner 9.1.0.1960 is_euq_enable 9.1.0.1960 is_ipfilt_enable 9.1.0.1960 ldaputil 9.1.0.1960 localservermgmt 9.1.0.1960 logtransfer 9.1.0.1960 nrslog_parser 9.1.0.1960 opendkim 9.1.0.1960 opendmarc 9.1.0.1960 openssl 9.1.0.1960 pack_tool 9.1.0.1960 passwd_util 9.1.0.1960 pemverify 9.1.0.1960 PolicyAgent 9.1.0.1960 prcmd 9.1.0.1960 purge_by_dbsize 9.1.0.1960 purge_scanner_info 9.1.0.1960 rc4 9.1.0.1960 rt_mail_traffic 9.1.0.1960 rtstat 9.1.0.1960 smtp_conn_agent 9.1.0.1960 soapclient 9.1.0.1960 tlsagent 9.1.0.1960 TmFoxFilter 9.1.0.1960 TmFoxProxy 9.1.0.1960 TmFoxPurgeLog 9.1.0.1960 TmFoxServiceOP 9.1.0.1960 wrsagent 9.1.0.1960 smart_reporter 9.1.0.1960 predata_gen 9.1.0.1960 dblog_janitor 9.1.0.1960 traffic_summary_gen 9.1.0.1960 libFilterAntiSpoof.so 9.1.0.1960 libpatch.so 9.1.0.1960 libGsoapClient.so 9.1.0.1960 libgssrpc.so 9.1.0.1960 libTMNotify.so 9.1.0.1960 libem_debug.so 9.1.0.1960 libssl3.so 9.1.0.1960 libspf2.so 9.1.0.1960 libssldap60.so 9.1.0.1960 libSSO_PKIHelper.so 9.1.0.1960 liblogin.so 9.1.0.1960 libsmime3.so 9.1.0.1960 libviewmail.so 9.1.0.1960 libpq.so 9.1.0.1960 libFilterSpsTmase.so 9.1.0.1960 libldif60.so 9.1.0.1960 libkdb5.so 9.1.0.1960 libImssPolicy.so 9.1.0.1960 libImssEncrypt.so 9.1.0.1960 liblogwtr.so 9.1.0.1960 libplc4.so 9.1.0.1960 libodbcinst.so 9.1.0.1960 libkrad.so 9.1.0.1960 libkadm5clnt.so 9.1.0.1960 libcrc0filter.so 9.1.0.1960 libtmau.so 9.1.0.1960 libldap60.so 9.1.0.1960 dtv_pdfcrypto.so 9.1.0.1960 libprldap60.so 9.1.0.1960 libFoxParser.so 9.1.0.1960 libopendkim.so 9.1.0.1960 icudata.so 9.1.0.1960 libxerces-c-3.1.so 9.1.0.1960 libnss3.so 9.1.0.1960 libPolicyCaller.so 9.1.0.1960 libicutoolutil.so 9.1.0.1960 libsqlite3.so 9.1.0.1960 libnssdbm3.so 9.1.0.1960 libIMSSjni.so 9.1.0.1960 libtmmsg.so 9.1.0.1960 libFilterEmgrPlugin.so 9.1.0.1960 libFilterWrs.so 9.1.0.1960 libTmIbeCryptoSdk.so 9.1.0.1960 libSSO_PKIHelper.so 9.1.0.1960 libcurl.so 9.1.0.1960 libEn_Utility.so 9.1.0.1960 libTrendAprWrapper.so 9.1.0.1960 libapr-1.so 9.1.0.1960 liblowlib.so 9.1.0.1960 libodbcpsqlS.so 9.1.0.1960 libFilterAction.so 9.1.0.1960 libkrb5support.so 9.1.0.1960 libidn.so 9.1.0.1960 libdb-4.so 9.1.0.1960 libtmactupdate.so 9.1.0.1960 libcrypto.so 9.1.0.1960 libkadm5srv_mit.so 9.1.0.1960 libpcrecpp.so 9.1.0.1960 libicudt.so 9.1.0.1960 libPolicyUtility.so 9.1.0.1960 libFilterGraymail.so 9.1.0.1960 libtmpr.so 9.1.0.1960 libdb-4.8.so 9.1.0.1960 libpcre.so 9.1.0.1960 libodbc.so 9.1.0.1960 libtmlogwpr.so 9.1.0.1960 libkrb5.so 9.1.0.1960 libGsoapMtaClient.so 9.1.0.1960 libxml2.so 9.1.0.1960 libopendmarc.so 9.1.0.1960 libGuid.so 9.1.0.1960 libkadm5clnt_mit.so 9.1.0.1960 libem_helpr.so 9.1.0.1960 libodbcpsql.so 9.1.0.1960 liblogmgt.so 9.1.0.1960 libk5crypto.so 9.1.0.1960 libcme_dll.so 9.1.0.1960 libtmfbeng.so 9.1.0.1960 libplds4.so 9.1.0.1960 libfreeblpriv3.so 9.1.0.1960 libicudt18l.so 9.1.0.1960 libfreebl3.so 9.1.0.1960 libImssCrypto.so 9.1.0.1960 libnspr4.so 9.1.0.1960 libICRCHdler.so 9.1.0.1960 libtmprapi.so 9.1.0.1960 libICRCPerfLib_Cli.so 9.1.0.1960 libcom_err.so 9.1.0.1960 libdkim.so 9.1.0.1960 libtmprapid.so 9.1.0.1960 libImssRule.so 9.1.0.1960 libTMNotifymt.so 9.1.0.1960 libnsssysinit.so 9.1.0.1960 libdb.so 9.1.0.1960 libTmIntLog.so 9.1.0.1960 libcme_vxe_dll.so 9.1.0.1960 libdtsearch.so 9.1.0.1960 libProductLibrary.so 9.1.0.1960 liblogshr.so 9.1.0.1960 libstrl.so 9.1.0.1960 libustdio.so 9.1.0.1960 libicuuc.so 9.1.0.1960 libkadm5srv.so 9.1.0.1960 libEUQjni.so 9.1.0.1960 libicui18n.so 9.1.0.1960 libcme_vxe_dll_static.so 9.1.0.1960 libFilterVirus.so 9.1.0.1960 libnssckbi.so 9.1.0.1960 libgssapi_krb5.so 9.1.0.1960 libImssDKIM.so 9.1.0.1960 libxslt.so 9.1.0.1960 libmimepp.so 9.1.0.1960 libssl.so 9.1.0.1960 libImssCommon.so 9.1.0.1960 libFilterDkimEF.so 9.1.0.1960 libnssutil3.so 9.1.0.1960 libsysinfo.so 9.1.0.1960 libciuas32.so 9.1.0.1960 libexslt.so 9.1.0.1960 libImssDAO.so 9.1.0.1960 libTmFoxSocketLib.so 9.1.0.1960 libsoftokn3.so 9.1.0.1960 libapr-1.so 9.1.0.1960 libeuq.so 9.1.0.1960 libEmExpression.so 9.1.0.1960 libtmalc.so 9.1.0.1960 libverto.so 9.1.0.1960 libpcreposix.so 9.1.0.1960 liblogrdr.so 9.1.0.1960 libi18n.so 9.1.0.1960 postalias 9.1.0.1960 postcat 9.1.0.1960 postconf 9.1.0.1960 postdrop 9.1.0.1960 postfix 9.1.0.1960 postkick 9.1.0.1960 postlock 9.1.0.1960 postlog 9.1.0.1960 postmap 9.1.0.1960 postmulti 9.1.0.1960 postqueue 9.1.0.1960 postsuper 9.1.0.1960 sendmail 9.1.0.1960 anvil 9.1.0.1960 bounce 9.1.0.1960 cleanup 9.1.0.1960 discard 9.1.0.1960 error 9.1.0.1960 flush 9.1.0.1960 lmtp 9.1.0.1960 local 9.1.0.1960 master 9.1.0.1960 nqmgr 9.1.0.1960 oqmgr 9.1.0.1960 pickup 9.1.0.1960 pipe 9.1.0.1960 postfix-script 9.1.0.1960 postfix-wrapper 9.1.0.1960 post-install 9.1.0.1960 postmulti-script 9.1.0.1960 proxymap 9.1.0.1960 qmgr 9.1.0.1960 qmqpd 9.1.0.1960 scache 9.1.0.1960 showq 9.1.0.1960 smtp 9.1.0.1960 smtpd 9.1.0.1960 spawn 9.1.0.1960 tlsmgr 9.1.0.1960 trivial-rewrite 9.1.0.1960 verify 9.1.0.1960 virtual 9.1.0.1960 policy_DDA_setting.jsp 9.1.0.1960 policy_DDA_server_mgmt.jsp 9.1.0.1960 DDAServer.class 9.1.0.1960 DDAServerDAO.class 9.1.0.1960 DDASetting.class 9.1.0.1960 ProcQueueQueryDAO.class 9.1.0.1960 DDAServerMgmtAction.class 9.1.0.1960 DDASettingAction$1.class 9.1.0.1960 DDASettingAction.class 9.1.0.1960 DdaSettingForm.class 9.1.0.1960 UrlSandBoxExemptWordsSetting.class 9.1.0.1960 RuleAttrWrsForm.class 9.1.0.1960 Constants.class 9.1.0.1960 RuleAttribute.class 9.1.0.1960 UrlSandBoxExemptWordsDAO.class 9.1.0.1960 XMLAttributes.class 9.1.0.1960 SessionKeys.class 9.1.0.1960 RuleAttrWrsAction.class 9.1.0.1960 Utility.class 9.1.0.1960 BifInfo.class 9.1.0.1960 BifInfo$1.class 9.1.0.1960 BifConnect.class 9.1.0.1960 BifConnect$1.class 9.1.0.1960 rule_attr_wrs.jsp 9.1.0.1960 rule_attr_wrs_import.jsp 9.1.0.1960 url_sandbox_words_import.jsp 9.1.0.1960 url_sandbox_words_setting_home.jsp 9.1.0.1960 wrs_setting_home.jsp 9.1.0.1960 imss6Errors.properties 9.1.0.1960 imss6Errors_en.properties 9.1.0.1960 imss6Errors_ja.properties 9.1.0.1960 imss6Logs.properties 9.1.0.1960 imss6Logs_en.properties 9.1.0.1960 imss6Policy.properties 9.1.0.1960 imss6Policy_en.properties 9.1.0.1960 LogConst.class 9.1.0.1960 imss6Common_en.properties 9.1.0.1960 imss6Common.properties 9.1.0.1960 imss6Sql.properties 9.1.0.1960 imss6UIEvtLogs.properties 9.1.0.1960 imss6UIEvtLogs_en.properties 9.1.0.1960 imssOLH.properties 9.1.0.1960 imssOLH_en.properties 9.1.0.1960 imss6Backup.properties 9.1.0.1960 imss6Backup_en.properties 9.1.0.1960 imss.dat 9.1.0.1960 imss.root 9.1.0.1960 root.res 9.1.0.1960 apache 9.1.0.1960 php 9.1.0.1960 tomcat 9.1.0.1960 add_white_list.jsp 9.1.0.1960 smartsearch.dat 9.1.0.1960 dbscript.conf 9.1.0.1960 smtp_conn.jsp 9.1.0.1960 smtp_rule.jsp 9.1.0.1960 sys_patch_history.jsp 9.1.0.1960 sys_patch_progress.jsp 9.1.0.1960 imsa8WrsCategory.properties 9.1.0.1960 imsa8WrsCategory_en.properties 9.1.0.1960 imsa7patch_en.properties 9.1.0.1960 imsa7patch.properties 9.1.0.1960 PolicyLogs.class 9.1.0.1960 librule.so 9.1.0.1960 MsgTracing-0.2-py2.7.egg 9.1.0.1960 MsgTracing-0.2-py2.7.egg-info 9.1.0.1960 PatchInfoDAO.class 9.1.0.1960 PatchInfo.class 9.1.0.1960 LogQueryPolDAO.class 9.1.0.1960 QtQueryDAO.class 9.1.0.1960 ProcQueueQueryForm.class 9.1.0.1960 ProcQueueQueryAction.class 9.1.0.1960 PatchAction.class 9.1.0.1960 RuleAttrKeywordAction.class 9.1.0.1960 SmartProtectionScanServiceAction.class 9.1.0.1960 CommonParams.class 9.1.0.1960 ConditionAction.class 9.1.0.1960 LogQueryMsgDAO.class 9.1.0.1960 ConfigDomain.class 9.1.0.1960 DigestInlineActionAction.class 9.1.0.1960 EuqMessagesAction.class 9.1.0.1960 EuqViewMessageAction.class 9.1.0.1960 EuqDistributionListAction.class 9.1.0.1960 sys_dkim_sign_setting_detail.jsp 9.1.0.1960 LogQueryIpDAO.class 9.1.0.1960 kernel-2.6.32-754.6.3.el6.centos.plus.x86_64.rpm 9.1.0.1960 kernel-firmware-2.6.32-754.6.3.el6.centos.plus.noarch.rpm 9.1.0.1960 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2019, Trend Micro Incorporated. All rights reserved. Trend Micro, InterScan, Control Manager, eManager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide