Trend Micro, Inc.                                        May 16, 2016
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan(TM) Web Security Virtual Appliance 6.0
Critical Patch - Build 1262
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Critical Patch was developed as a workaround or solution
to a customer-reported problem. As such, this Critical Patch has
received limited testing and has not been certified as an official
product update.

Consequently, THIS HOT FIX IS PROVIDED "AS IS." TREND MICRO MAKES NO
WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF THIS HOT FIX
NOR DOES IT WARRANT THAT THIS HOT FIX IS ERROR FREE. TO THE FULLEST
EXTENT PERMITTED BY LAW, TREND MICRO DISCLAIMS ALL IMPLIED AND
STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED
WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A
PARTICULAR PURPOSE.

Contents
===================================================================
1. Critical Patch Release Information
   1.1 Issues
   1.2 Enhancements
   1.3 Files Included in this Release
2. Documentation Set
3. System Requirements
4. Installation/Uninstallation
   4.1 Installation
   4.2 Uninstallation
5. Post-installation Configuration
6. Known Issues
7. Release History
8. Contact Information
9. About Trend Micro
10. License Agreement
===================================================================

1. Critical Patch Release Information
========================================================================

   1.1 Issues
   =====================================================================
   This Critical Patch resolves the following issue:

   Issue:    [Critical Patch 1262] (TT-338692, TT-338693, TT-338695,
             and TT-340002)
             Several APIs which are used by IWSVA could allow remote
             code execution
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution: This Critical Patch resolves the issue.

   1.2 Enhancements
   =====================================================================
   There are no enhancements for this Critical Patch release.

   1.3 Files Included in this Release
   =====================================================================

   A. Files for Current Issues
   ---------------------------------------------------------------------
   Filename                              Build No.
   ------------------------------------------------------------------
   iwss-process                          1262
   svcmonitor                            1262
   isdelvd                               1262

   Files for Issue
   ---------------------------------------------------------------------
   Filename                              Build No.
   -----------------------------------------------------------------
   IWSSGui.jar                           1262

   B. Files for Previous Solutions
   ---------------------------------------------------------------------
   IWSSPIScanVsapi.so                    1249
   funcs.sh                              1249
   libhttpproxy.so                       1249
   appd                                  1249
   rule_file_va6.0_to_va6.0.xml          1249
   libtmufeng.so                         3.6.1017
   IWSSPIScanVsapi.so                    1251
   chart_handler.py                      1254
   db_table_convert_5.6_to_6.0.py        1256

2. Documentation Set
========================================================================
In addition to this readme.txt, the documentation set for this product
includes the following:

   o Readme.txt - basic installation, known issues, release history
     and contact information

   o Electronic versions of the printed manuals are available at:
     http://www.trendmicro.com/download

3. System Requirements
========================================================================
Trend Micro recommends installing IWSVA 6.0 Patch 1 Build 1246 before
installing this Critical Patch.

4. Installation/Uninstallation
========================================================================

   4.1 Installation
   =====================================================================
   To install this Critical Patch:

   1. Download the "iwsva_60_ar64_en_cpb1262.tgz" Critical Patch file
      to your local hard disk.
   2. Log on to the IWSVA admin console GUI.
   3. Go to the "Administration > System Updates" page.
   4. Click "Browse".
   5. Browse your local hard disk for the
      "iwsva_60_ar64_en_cpb1262.tgz" Critical Patch file and click
      "Open".
   6. Click "Upload". Your browser uploads the Critical Patch file to
      IWSVA, which validates if the file is a legitimate Critical
      Patch.
   7. Click "Install" to apply the Critical Patch and update IWSVA to
      build 1262. The HTTP and FTP services in IWSVA restart
      automatically.

      NOTE: Applying this Critical Patch interrupts the HTTP and FTP
            services for several minutes. Plan appropriately for this
            downtime.

   8. Clear the browser cache.

   4.2 Uninstallation
   =====================================================================
   To uninstall the Critical Patch:

   1. Log on to the IWSVA admin console GUI.
   2. Go to the "Administration > System Updates" page.
   3. Click "Uninstall" next to "cpb1262" and verify the Critical
      Patch ID and description in the confirmation page that appears.
   4. Click "Uninstall" to remove Critical Patch 1262 and roll back
      IWSVA to the previous build. The HTTP and FTP services in IWSVA
      restart automatically.

      NOTE: Removing this Critical Patch interrupts the HTTP and FTP
            services for several minutes. Plan appropriately for this
            downtime.

5. Post-installation Configuration
========================================================================
No post-installation steps are required.

Note: Trend Micro recommends that you update your scan engine and
      virus pattern files immediately after installing this Critical
      Patch.

6. Known Issues
========================================================================
There are no known issues for this Critical Patch release.

7. Release History
========================================================================
See the following web site for more information about updates to this
product:

http://www.trendmicro.com/download/product.asp?productid=86

   Hot Fix 1254

   Issue:    [Hot Fix 1254] (TT-285940)
             InterScan Web Security Virtual Appliance (IWSVA) 6.0
             cannot create bar charts in reports that contain special
             characters.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution: This hot fix enables IWSVA 6.0 to handle special
             characters in reports to ensure that it can create the
             required charts.

   Hot Fix 1251

   Issue 1:    [Hot Fix 1251] (TT-283874)
               An issue with the TMUFE library may corrupt the cache
               file and trigger IWSVA to generate a large number of
               core dump files. This can cause the IWSVA HTTP scan
               daemon to stop unexpectedly.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hot fix updates the TMUFE library to resolve the
               issue.

   Issue 2:    [Hot Fix 1251] (TT-284535)
               When the "Block These File Types" option is configured
               to block some file types, IWSVA still scans these files
               when users attempt to download these types of files.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This hot fix prevents IWSVA from running a full scan on
               blocked files.

   Issue 3:    If the action of the special file scanning function is
               set to "PASS" and IWSVA encounters special files such
               as password-protected and corrupted zip files, IWSVA
               records the events as "file type blocking" in the
               "Internet Security" log.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: This hot fix ensures that IWSVA does not record scans
               on special files as "file type blocking" in the
               "Internet Security" log if the special file scanning
               action is set to "PASS".

   Hot Fix 1249

   Issue 1:    [Hot Fix 1249] (TT-285358)
               IWSVA identifies Microsoft(TM) Office(TM) 2007 and 2010
               files as PKZIP files. As a result, IWSVA blocks Office
               2007 and 2010 files when it is configured to block all
               compressed files.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This hot fix enables IWSVA to accurately identify
               Office 2007 and 2010 files to ensure that IWSVA does
               not block these files when IWSVA is configured to block
               all compressed files.

   Issue 2:    [Hot Fix 1249] (TT-282050)
               The "Configure System Harddisk" clish command does not
               work in IWSVA 6.0.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This hot fix ensures that users can successfully add a
               new hard disk and extend the IWSVA data partition space
               using the "Configure System Harddisk" clish command.

   Issue 3:    In LDAP cookie mode, some fields in access logs that
               should contain specific user information also display
               the user's domain name. For example, a certain field
               displays "domain\eng user 5" instead of "eng user 5".
               This occurs because in LDAP cookie mode, the user
               information in the domain cookies contains the domain
               information.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: This hot fix enables IWSVA 6.0 to skip the domain
               information and use only the particular user
               information for logs and for matching policies in LDAP
               cookie mode.

   Issue 4:    When the IP-User cache is disabled and IWSVA is
               deployed in proxy mode and uses standard
               authentication, the HTTPS decrypting policies that are
               based on user accounts do not work.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4: After installing this hot fix, when IWSVA is deployed
               in proxy mode and uses standard authentication, HTTPS
               traffic will also be required to go through
               authentication. This can help ensure that HTTPS
               decrypting policies that are based on user accounts
               work properly.

   Issue 5:    Reports for "Top N application visited" show a 500
               error code when users run some new applications such as
               Office 365.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 5: The hot fix resolves the error to ensure that "Top N
               application visited" reports display the correct
               information.

   Issue 6:    When users migrate the configuration of an IWSVA to
               another IWSVA, some settings are not applied
               successfully.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 6: This hot fix ensures that when users migrate IWSVA
               configurations, all the settings are applied correctly
               and successfully to the target IWSVA.

   Hot Fix 1256

   Issue:    [Hot Fix 1256] (TT-285940)
             Users encounter an "HTTP Error" message when they view
             the HTTP policy after importing an InterScan Web Security
             Virtual Appliance (IWSVA) 5.6 package. This issue occurs
             when the HTTP policy may miss some parameters.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution: This hot fix enables IWSVA 6.0 to effectively handle this
             type of situation and add correct parameters after
             migration.

8. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro by fax, phone, and email, or visit us at:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
web site.

Global Mailing Address/Telephone numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:

http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link
in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Trend Micro Incorporated, a global leader in Internet content security
and threat management, aims to create a world safe for the exchange of
digital information for businesses and consumers. A pioneer in
server-based antivirus with over 20 years' experience, we deliver
top-ranked security that fits our customers' needs, stops new threats
faster, and protects data in physical, virtualized and cloud
environments.
Powered by the Trend Micro Smart Protection Network(TM)
infrastructure, our industry-leading cloud-computing security
technology and products stop threats where they emerge, on the
Internet, and are supported by 1,000+ threat intelligence experts
around the globe. For additional information, visit
www.trendmicro.com.

Copyright 2014, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, Smart Protection Network, and InterScan
are trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.

10. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:

http://us.trendmicro.com/us/about/company/user_license_agreements/

Third-party licensing agreements can be viewed:

   - By selecting the "About" option in the application user interface
   - By referring to the "Legal" page of the Getting Started Guide or
     Administrator's Guide