Trend Micro Incorporated                                 June 29, 2016
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan(TM) Web Security Virtual Appliance 6.5
Service Pack 2 Patch 1 - Build 1707
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.

GM release documentation:
http://docs.trendmicro.com

Patch/Service Pack release documentation:
http://www.trendmicro.com/download

TIP: Register online with Trend Micro within 30 days of installation
to continue downloading new pattern files and product updates from
the Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM

Contents
==========================================================
   1. About InterScan Web Security Virtual Appliance
      1.1 Overview of this Release
      1.2 Who Should Install this Release
   2. What's New?
      2.1 Enhancements
      2.2 Resolved Known Issues
   3. Documentation Set
   4. System Requirements
   5. Installation
      5.1 Installing
      5.2 Uninstalling
   6. Post-installation Configuration
   7. Known Issues
   8. Release History
   9. Files Included in this Release
   10. Contact Information
   11. About Trend Micro
   12. License Agreement
==========================================================

1. About InterScan Web Security Virtual Appliance
======================================================================
InterScan Web Security Virtual Appliance (IWSVA) is a highly scalable
and reliable web security solution that includes virus protection for
HTTP and FTP traffic. IWSVA delivers best-in-class HTTP and FTP virus
scanning that leverages the administration, policy, and centralized
management of Trend Micro's Enterprise Protection Strategy.

   1.1 Overview of this Release
   ===================================================================
   IWSVA 6.5 Service Pack 2 Patch 1 is cumulative and contains all
   product changes released after IWSVA 6.5 Service Pack 2 GM Build.

   1.2 Who Should Install this Release?
   ===================================================================
   Install this patch if you are currently running any IWSVA 6.5
   Service Pack 2 build.

2. What's New?
======================================================================
Note: Please install this patch before completing any of the
      procedures indicated in this section (see "Installation").

This patch addresses the following issues:

   2.1 Enhancements
   ===================================================================
   There are no enhancements in this release.

   2.2 Resolved Known Issues
   ===================================================================
   Note: Patch 1 includes solutions to issues resolved in all fixes
         released from November 11, 2015 to June 17, 2016.

   Patch 1 resolves the following issues:

   Issue 1: Configuration replication may fail after users add a
   large amount of replication source information on the replication
   source machine.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: [Hotfix 1606] (TT-330566) This patch ensures that
   configuration replication works normally under the scenario
   described above.

   Issue 2: When IWSVA is deployed in bridge mode between a client
   and the proxy server, IWSVA may not be able to correctly
   categorize HTTPS websites.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: [Hotfix 1606] (TT-325466) This patch ensures that
   IWSVA can correctly categorize HTTPS websites when deployed in
   bridge mode between a client and the proxy server.

   Issue 3: Multicast data packets cannot pass through when IWSVA 6.5
   is in bridge mode.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: [Hotfix 1606] (TT-329888) This patch disables the
   "multicast_snooping" feature to enable multicast data packets to
   pass through in bridge mode.

   Issue 4: Importing IWSVA 6.0 Service Pack 1 onto IWSVA 6.5 Service
   Pack 2 breaks the local SPS configuration.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4: [Hotfix 1606] (TT-334243) This patch ensures that the
   local SPS configuration file remains undamaged after importing the
   IWSVA 6.0 Service Pack 1 package onto IWSVA 6.5 Service Pack 2.

   Issue 5: IWSVA for Linux 6.5 Service Pack 2 does not support SMTP
   authentication.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 5: [Hotfix 1606] (TT-328947) This patch enables IWSVA to
   support SMTP authentication.

   Issue 6: The IWSVA for Linux 6.5 Service Pack 2 stops unexpectedly
   while uploading log data while the log exception feature is
   enabled.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 6: [Hotfix 1606] (TT-329327) This patch ensures that
   IWSVA can upload the log data correctly while the log exception
   feature is enabled.

   Issue 7: In WCCP mode, the WCCPD daemon still communicates with
   the Cisco(TM) router after the HTTP/FTP scanning service stops.
   This results in HTTP/FTP traffic interruptions.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 7: [Hotfix 1606] (TT-328981) This patch adds a mechanism
   for monitoring the status of the FTP/HTTP scanning service and the
   WCCPD daemon. This mechanism helps prevent HTTP/FTP traffic
   interruptions by stopping the WCCPD daemon from communicating with
   the Cisco server when the HTTP/FTP scanning service stops.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 7: To enable this feature:

   a. Install this patch (see "Installation").
   b. Run the following script:

      # nohup /usr/iwss/wccpd_monitor.py &

   Notes: The corresponding log will appear in the
          "/etc/iscan/log/wccpd_monitor.log" file.

   Issue 8: The DNS cache of IWSVA uses a fixed TTL setting of 12
   hours and is not configurable. As a result, users may not be able
   to access certain websites with IP addresses that change
   frequently.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 8: [Hotfix 1606] (TT-332549) This patch enables the DNS
   cache of IWSVA to synchronize the TTL from the DNS server instead
   of using a fixed TTL.

   Issue 9: When users configure the local SPS through the web
   console, there are no instructions about the correct format for
   the SPS URL.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 9: [Hotfix 1606] (TT-334245) This patch adds this
   information to the local SPS instructions.

   Issue 10: IWSVA is affected by a certain vulnerability related to
   the autorun section in HTTP requests.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 10: [Hotfix 1606] This patch enables IWSVA to filter the
   malicious autorun section in HTTP requests to resolve the
   vulnerability.

   Issue 11: IWSVA 6.5 may generate several scheduled reports with
   the same timestamps.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 11: [Hotfix 1606] (TT-330785) This patch ensures that
   IWSVA 6.5 does not generate duplicate scheduled reports.

   Issue 12: The TMUSE engine stops unexpectedly when users enable
   the Dynamic URL Categorization feature.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 12: [Hotfix 1606] (TT-333247) This patch resolves this
   issue by updating the TMUSE engine.

   Issue 13: Sometimes, users cannot successfully import the
   configuration file of IWSVA 6.5 Service Pack 1 to version 6.5
   Service Pack 2 and the HTTP daemon may not be able to start.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 13: [Critical Patch 1608] (TT-336035) This patch ensures
   that users can successfully import the configuration file from
   IWSVA 6.5 Service Pack 1 to version 6.5 Service Pack 2.

   Issue 14: Sometimes, authentication fails when users add multiple
   domains in IWSVA 6.5 Service Pack 2.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 14: This patch ensures that the authentication succeeds
   in multiple domain environments.

   Issue 15: After upgrading to IWSVA 6.5 SP2, users cannot access
   some HTTPS sites through IWSVA with HTTPS decryption enabled.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 15: This patch ensures that users can access HTTPS sites
   successfully even when enabling HTTPS decryption.

   Issue 16: IWSVA 6.5 Service Pack 2 may stop unexpectedly and
   generate dump files while parsing special types of cookies.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 16: [Critical Patch 1608] [SEGTT-336907] This patch
   enables IWSVA 6.5 Service Pack 2 to handle special types of
   cookies.

   Issue 17: In IWSVA 6.5, administrators cannot retrieve reports for
   the last several days because the corresponding data have not been
   uploaded to the common log server.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 17: [Critical Patch 1608] (TT-336728) This patch resolves
   the issue by enabling IWSVA 6.5 to regulate the size of the upload
   queue, which helps ensure that the log agent on clients can parse
   data more efficiently.

   Issue 18: After the configuration is migrated from the latest
   build of IWSVA 6.5 Service Pack 1, no HTTPS websites can be
   accessed.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 18: [Critical Patch 1608] (TT-337176) This patch updates
   the configuration of SSL methods to fix this issue.

   Issue 19: A race issue between the appd daemon and kernel prevents
   clients from connecting to the Internet in proxy mode.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 19: [Hotfix 1609] (TT-332780) This patch enables users to
   allow only the HTTP scanning daemon to handle application control.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 19: To allow only the HTTP scanning daemon to handle
   application traffic:

   a. Install this patch (see "Installation").
   b. Open the "intscan.ini" file in the "/etc/iscan/" folder.
   c. Locate or add the "enable_appd_daemon" key in the "app-control"
      section and set its value to "no".

      [app-control]
      enable_appd_daemon=no

   d. Save the changes and close the file.
   e. Restart the appd daemon by running the following command:

      /usr/iwss/S99ISappd restart

   Issue 20: Under certain conditions, when users add a period "." to
   an organizational unit (OU) in the "Base distinguished name"
   Active Directory (AD) setting and save the configuration, a "DC="
   string is inserted instead.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 20: [Hotfix 1612] (TT-337279) This patch ensures that the
   correct setting is saved in the
   "http_config_user_idetification.jsp" file.

   Issue 21: An issue related to how IWSVA receives HTTP data
   triggers a high CPU usage issue.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 21: [Hotfix 1612] (TT-337061) This patch resolves the
   issue.

   Issue 22: When IWSVA generates reports based on an LDAP group that
   starts with the "&" token, the reports do not display any
   information.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 22: [Hotfix 1612] (TT-338606) This patch ensures that
   these reports display complete and accurate information.

   Issue 23: Users receive blank pattern update notifications from
   IWSVA.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 23: [Hotfix 1613] (TT-339400) This patch ensures that
   pattern update notifications from IWSVA contain complete and
   accurate information.

   Issue 24: Email notifications from IWSVA 6.5 Service Pack 2 cannot
   be displayed correctly because IWSVA cannot recognize and parse
   the "\n" characters.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 24: [Hotfix 1616] (TT-341216) This patch ensures that
   IWSVA can correctly recognize and handle "\n" as line breaks.

   Issue 25: A line in the Diagnostic Tool script file causes the FTP
   download testing to fail.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 25: [Hotfix 1616] (TT-335781) This patch resolves the
   issue to ensure that the Diagnostic Tool can perform FTP download
   testing correctly.

   Issue 26: Users may not be able to access certain HTTPS websites
   through IWSVA when the HTTPS decryption feature is enabled.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 26: [Hotfix 1617] (TT-338216) This patch ensures that
   users can access HTTPS websites normally when HTTPS decryption is
   enabled.

   Issue 27: When users download a file to the computer and the "Scan
   before delivery" option is enabled, the download process stops
   unexpectedly and the file will not be saved.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 27: [Hotfix 1617] (TT-339799) This patch updates the way
   IWSVA 6.5 Service Pack 2 determines if a download has completed
   when the "Scan before delivery" option is enabled. This helps
   ensure that users can download files normally under this scenario.

   Issue 28: An issue related to how the rest APIs of the following
   functions receive parameters from users may leave the computer
   vulnerable to remote code execution attacks.

   - testConfiguration function
   - wmi_domain_controllers function
   - domains
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 28: [Hotfix 1618] (TT-338692, TT-338693, and TT-338695)
   This patch safeguards against remote code execution attacks by
   enabling IWSVA to enclose input parameters in double quotation
   marks and to skip special characters inside these parameters.

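The mitigation described in Solution 28 (skip special characters, then enclose the parameter in double quotation marks), shown beside quoting alone and beside a stricter allowlist-plus-argv form. This is an added example, not Trend Micro's code; the function names, the host name allowlist and the "/usr/bin/example-tool" path are assumptions.

```python
import re
import shlex

# Inside double quotes a POSIX shell still interprets these four characters,
# so quoting alone does not neutralise a parameter; they must be dropped too.
LIVE_IN_DOUBLE_QUOTES = frozenset('"$`\\')

# Assumed allowlist for a host or domain name parameter (hypothetical policy).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def quote_only(value: str) -> str:
    """Incomplete fix: wraps the value but leaves embedded quotes in place."""
    return '"' + value + '"'


def quote_and_skip(value: str) -> str:
    """Drop special and control characters, then wrap in double quotes."""
    kept = "".join(
        ch for ch in value
        if ch not in LIVE_IN_DOUBLE_QUOTES and ch.isprintable()
    )
    return '"' + kept + '"'


def shell_words(command_line: str) -> list:
    """Split a command line the way a POSIX shell tokenises it (no expansion)."""
    return shlex.split(command_line, posix=True)


def validate_hostname(value: str) -> str:
    """Reject anything outside the allowlist instead of trying to repair it."""
    if not HOSTNAME_RE.fullmatch(value):
        raise ValueError("parameter is not a valid host name")
    return value


def build_argv(tool: str, hostname: str) -> list:
    """Preferred form: an argv list for subprocess.run(argv, shell=False).

    No shell parses the value, so quoting rules never come into play."""
    return [tool, "--", validate_hostname(hostname)]


# Constructed sample inputs: one well-formed, one carrying shell metacharacters.
GOOD = "dc01.example.test"
BAD = 'dc01.example.test"; echo injected; "'

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(repr(sample))
        print("  quote only     :", shell_words("tool " + quote_only(sample)))
        print("  quote and skip :", shell_words("tool " + quote_and_skip(sample)))
        try:
            print("  argv           :", build_argv("/usr/bin/example-tool", sample))
        except ValueError as exc:
            print("  rejected       :", exc)
```

With quoting alone the constructed input splits into several shell words; after the special characters are skipped it stays a single argument, and the allowlist form rejects it outright.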
   Issue 29: An issue prevents ixEngine from identifying the upload
   protocol from Google Drive and DropBox, which prevents IWSVA from
   blocking these programs using Application Control.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 29: [Hotfix 1618] (TT-343197) This patch adds new
   protocols in ixEngine to enable it to block specific programs.

   Issue 30: The "X-Infection-Found:" header in ICAP responses is
   followed by two space characters.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 30: [Hotfix 1619] (TT-343676) This patch removes the
   extra space character so that the "X-Infection-Found:" header in
   ICAP responses is followed by a single space character.

   Issue 31: Users cannot access HTTPS websites with non-standard
   ports through IWSVA when both the upstream proxy and content cache
   are enabled.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 31: [Hotfix 1621] (TT341162) This patch ensures that
   users can access HTTPS websites with non-standard ports through
   IWSVA when both the upstream proxy and content cache are enabled.

   Issue 32: The ransomware detections are not displayed on the web
   console.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 32: [Hotfix 1622] (TT-346050) This patch ensures that the
   total number of ransomware detections displays on the Dashboard of
   the web console.

   Issue 33: The link to syncing Mozilla(TM) certificate authorities
   (CA) is out-of-date which prevents IWSVA from syncing
   certificates.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 33: This patch updates the link to make sure that IWSVA
   can sync Mozilla CA successfully.

   Issue 34: The "Enable FTP scanning" button is not greyed-out
   automatically in ICAP and reverse proxy modes, but this feature is
   not supported in these modes.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 34: (TT345130) This patch enables IWSVA to grey-out the
   "Enable FTP scanning" button in FTP pages in ICAP and reverse
   proxy modes.

   Issue 35: IWSVA uses an HTTP channel by default for ActiveUpdate
   (AU).
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 35: This patch changes the default AU upgrade channel to
   an HTTPS channel.

   Issue 36: The Global approved and blocked lists have been enhanced
   for the website option.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 36: (TT-342336) This patch enables users to configure
   IWSVA to add two entries to include both the domain and its sub
   domain in the Global approved and blocked lists when the website
   option is enabled.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 36: To enable this feature:

   a. Install this patch (see "Installation").
   b. Open the "intscan.ini" file in "/etc/iscan/" and add the
      following key in the "URL-blocking" section.

      [URL-blocking]
      convertDomain=yes

   c. Save the changes and close the file.
   d. Restart Tomcat(TM) by running the following command:

      /etc/iscan/S99IScanHttpd restart

   e. Clear the web browser cache.

   Issue 37: IWSVA does not record access logs when the network
   connection is interrupted unexpectedly.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 37: This patch enables users to configure IWSVA to record
   an access log each time it detects that the network connection is
   interrupted unexpectedly.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 37: To enable IWSVA to record an access log each time it
   detects that the network connection is interrupted unexpectedly:

   a. Install this patch (see "Installation").
   b. Open the "IWSSPIProtocolHttpProxy.pni" file in "/etc/iscan/"
      and add the following key in the "http" section.

      [http]
      enable_interrupted_log=yes

   c. Save the changes and close the file.
   d. Restart Tomcat by running the following command:

      /etc/iscan/S99IScanHttpd restart

   e. Clear the web browser cache.

   Issue 38: The web browser uses the connect method to notify IWSVA
   that it will send an HTTPS request for a specific website.
   Usually, the connect method requires the host name; however, in
   special environments, it uses several extra headers such as the
   "X-FORWARDED-FOR" and some custom-built headers. A user requested
   a way to enable IWSVA to record logs for these requests which can
   be differentiated according to the headers used in the connect
   method.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 38: This patch provides a "customized text-based log"
   feature which can customize the HTTP header and keep the connect
   method to log files.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 38: To enable this feature:

   a. Install this patch (see "Installation").
   b. Disable HTTPS decryption in the IWSVA web console.
   c. Enable text log, specify the header name which will appear in
      the log format setting. For example:

      `log_format=%a|%u|%H|%{ca_forwarded_for}h|%{x_forwarded_for}h|%{recv_request_begin}t|%{host}h|%r|%s|%{downstream_payload}p|%{handle_time}l|%n|%w|%m|%{name}f|%{size}f`

      Note: This setting will enable IWSVA to generate logs for
            requests using the header value if the header name is
            "x_forwarded_for" and "ca_forwarded_for". The header name
            is case insensitive and "_" is treated as "-".

   d. Open the "log_format.ini" file in "/etc/iscan/" and set
      "enable_text_based_log=yes" under the "text_log" section.
   e. Save the changes and close the file.
   f. Reload the daemon by running the following command:

      $/etc/iscan/S99ISproxy reload

   g. Check the log files in IWSVA. The log file is located in
      "/var/textlog/customized_access*" by default.

   Issue 39: The IWSVA socks proxy server does not support
   authentication and XML firewalling.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 39: This patch switches the socks proxy from "ssh" to
   "antinat" to enable it to support authentication and XML
   firewalling.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 39: To enable this feature:

   a. Install this patch (see "Installation").
   b. Enable the socks proxy by adding the following lines in
      "/etc/iscan/network.ini":

      socks5_proxy_enabled=yes
      socks5_proxy_port=1080

   c. Specify the other settings.

      - enable authentication for the request, for example:

        socks5_auth_enable=yes

      - specify the username and password for authentication,
        separating each user with a ";", for example:

        socks5_auth_users=testuser/testpassword;testuser2/testpassword2

      - specify the destination port to block, separate each port
        with a ";", for example:

        socks5_reject_dstport=443;8443

      - specify the default action for the socks proxy, for example:

        default_allow_action=yes

        Notes:
        - "yes" means the default action is "allow", coordinate with
          the "socks5_reject_srcip" setting.
        - "no" means the default action is "reject", coordinate with
          the "socks5_allow_srcip" setting.

      - specify the source IP range that should be blocked, for
        example:

        socks5_reject_srcip=172.16.0.0/12;127.0.0.1/32

      - specify the source IP range which is allowed, for example:

        socks5_allow_srcip=172.16.0.0/12;127.0.0.1/32

   d. Save the changes and close the file.
   e. Restart the socks proxy service by running the following
      command:

      $/etc/iscan/S99ISsocks5 restart

   Issue 40: IWSVA does not list down all websites that require
   client certificates.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 40: This patch provides a way to configure IWSVA to list
   down all websites that require client certificates and allows
   users to configure whether it should tunnel or block these
   websites.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 40: To enable this feature:

   a. Install this patch (see "Installation").
   b. Open the "intscan.ini" file in "/etc/iscan/" and add the
      following key in the "https-scanning" section.

      [https-scanning]
      clientcert_handling_enhance=yes

   c. Save the changes and close the file.
   d. Restart Tomcat by running the following command:

      /etc/iscan/S99IScanHttpd restart

   e. Clear the web browser cache.

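A small audit of the SOCKS proxy settings from Procedure 39 above, as an added example that is not part of the product or of the original Readme. It assumes the keys are plain "key=value" lines as the procedure shows and that a missing key counts as not set; the finding codes, the minimum password length and both sample files are constructed.

```python
import ipaddress

# Sample passwords printed in the Readme; they must never reach production.
README_SAMPLE_PASSWORDS = {"testpassword", "testpassword2"}
MIN_PASSWORD_LENGTH = 12  # assumed local policy, not a product requirement


def parse_settings(text):
    """Collect key=value pairs; section headers, blanks and comments are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def split_list(value):
    """Split a ';'-separated setting into its non-empty items."""
    return [item.strip() for item in value.split(";") if item.strip()]


def check_networks(key, settings, findings):
    """Validate a CIDR list, record bad entries, return the parsed networks."""
    networks = []
    for item in split_list(settings.get(key, "")):
        try:
            networks.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            findings.append(("BAD_CIDR", f"{key}: {item}"))
    return networks


def audit_socks5(text):
    """Return (code, detail) findings for the SOCKS proxy settings."""
    s = parse_settings(text)
    findings = []
    if s.get("socks5_proxy_enabled", "").lower() != "yes":
        return findings  # proxy not enabled, nothing to audit

    if s.get("socks5_auth_enable", "").lower() != "yes":
        findings.append(("NO_AUTH", "socks5_auth_enable is not 'yes'"))
    for entry in split_list(s.get("socks5_auth_users", "")):
        user, sep, password = entry.partition("/")
        if not (sep and user and password):
            findings.append(("BAD_USER_ENTRY", entry))
        elif (password in README_SAMPLE_PASSWORDS or password == user
              or len(password) < MIN_PASSWORD_LENGTH):
            findings.append(("WEAK_PASSWORD", user))

    for port in split_list(s.get("socks5_reject_dstport", "")):
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            findings.append(("BAD_PORT", port))

    rejected = check_networks("socks5_reject_srcip", s, findings)
    allowed = check_networks("socks5_allow_srcip", s, findings)
    default = s.get("default_allow_action", "").lower()
    if default == "yes" and not rejected:
        findings.append(("OPEN_DEFAULT", "default allow with no socks5_reject_srcip"))
    elif default == "no" and not allowed:
        findings.append(("NO_CLIENTS", "default reject with no socks5_allow_srcip"))
    elif default not in ("yes", "no"):
        findings.append(("DEFAULT_UNSET", "default_allow_action is not set"))
    if any(net.prefixlen == 0 for net in allowed):
        findings.append(("ALLOW_ANY", "socks5_allow_srcip covers every address"))
    return findings


# Constructed network.ini fragments: the Readme's sample values, then a tighter set.
WEAK_CONFIG = """
socks5_proxy_enabled=yes
socks5_proxy_port=1080
socks5_auth_enable=yes
socks5_auth_users=testuser/testpassword;ops/constructed-Long-Secret-01
socks5_reject_dstport=443;8443
default_allow_action=yes
"""

HARDENED_CONFIG = """
socks5_proxy_enabled=yes
socks5_proxy_port=1080
socks5_auth_enable=yes
socks5_auth_users=ops/constructed-Long-Secret-01
socks5_reject_dstport=443;8443
default_allow_action=no
socks5_allow_srcip=172.16.0.0/12;127.0.0.1/32
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_socks5(text))
```

Because "socks5_auth_users" keeps passwords in clear text, read access to "/etc/iscan/network.ini" should be limited to the accounts that need it.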
   Issue 41: IWSVA does not support high availability (HA) in forward
   proxy mode.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 41: This patch provides a way for users to enable IWSVA
   to support active/active HA mode and active/standby HA mode in
   forward proxy mode.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 41: To enable IWSVA to support active/active HA mode and
   active/standby HA mode in forward proxy mode:

   a. Install this patch (see "Installation").
   b. Open the "intscan.ini" file in "/etc/iscan/", add the following
      lines.

      [HaProxy]
      enable=1

   c. Save the changes and close the file.
   d. Restart Tomcat by running the following command:

      /etc/iscan/S99IScanHttpd restart

   e. Clear the web browser cache.

   Issue 42: IWSVA does not support customized ip-user cache TTL for
   specific usernames.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 42: This patch enables users to customize the ip-user
   cache TTL for specific usernames.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 42: To customize the ip-user cache TTL for specific
   usernames:

   a. Install this patch (see "Installation").
   b. Set the number of the users that will be configured with custom
      TTL for ip-user cache by adding the following lines in
      "/usr/iwss/commonldap/LdapCache.ini":

      [CustomTTL]
      UserNum=x

      Note: the maximum value of "UserNum" is 64.

   c. Set the sub-items for the detailed username and TTL starting
      with "0" as the suffix of the "User_" section and increasing by
      degrees. For example:

      [User_0]
      username=domain1\username1
      TTL=90

      [User_1]
      username=domain2\userame2
      TTL=30

      Note: Use the full "domain\username" format to set the
            username.

   d. Save the changes and close the file.
   e. Restart IWSVA by running the following commands:

      $/etc/iscan/S99ISAuthDaemon stop
      $/etc/iscan/S99ISproxy stop
      $rm /usr/iwss/commonldap/.authentication_cache.dat
      $/etc/iscan/S99ISAuthDaemon start
      $/etc/iscan/S99ISproxy start

   Issue 43: Some environments may use several LDAP servers and need
   a customized notification page for users from each domain.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 43: This patch enables users to customize the
   notification page for each domain.

   Issue 44: IWSVA does not support Full Kerberos Authentication.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 44: This patch provides a way to enable IWSVA to support
   Full Kerberos Authentication.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 44: To enable IWSVA to support Full Kerberos
   Authentication:

   a. Install this patch (see "Installation").
   b. Open the "intscan.ini" file in "/etc/iscan/" and add the
      following key in the "user-identification" section.

      [user-identification]
      enable_full_kerberos_feature=yes

   c. Save the changes and close the file.
   d. Restart Tomcat by running the following command:

      /etc/iscan/S99IScanHttpd restart

   e. Clear the web browser cache.

   Issue 45: Users cannot disable autoswitch for SPS.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 45: This patch allows users to disable SPS autoswitch.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 45: To disable SPS autoswitch:

   a. Install this patch (see "Installation").
   b. Open the "intscan.ini" file in "/etc/iscan/" and add the
      following key in the "Scan-configuration" section.

      [Scan-configuration]
      enable_auto_switch=0

   c. Save the changes and close the file.
   d. Reload the daemon by running the following command:

      /etc/iscan/S99ISproxy reload

   Issue 46: When the "scan before delivery" option is enabled, users
   are warned of space characters in the "tmpfs" file in
   "/var/iwss/tmp/".
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 46: (TT-339805) This patch updates the mechanism for the
   "scan before delivery" option to resolve this issue.

3. Documentation Set
======================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

In addition to this Readme file, the documentation set for this
product includes the following:

- Online Help: The Online Help contains an overview of features and
  key concepts, and information on configuring and maintaining IWSVA.

  To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains
  information on requirements and procedures for installing and
  deploying IWSVA.

- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on
  configuring and maintaining IWSVA.

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues.

  To access the Support Portal, go to http://esupport.trendmicro.com

4. System Requirements
======================================================================
Install this Patch on computers running any build released after
IWSVA 6.5 Service Pack 2 Build 1548.

5. Installation
======================================================================
This section explains key steps for installing.

   5.1 Installing
   ===================================================================
   To install:

   1. Download the "iwsva_65_sp2_ar64_en_patch1.tgz" patch file onto
      your local hard disk.
   2. Log on to the IWSVA admin console GUI.
   3. Go to the "Administration > System Updates" page.
   4. Click "Browse".
   5. Browse your local hard disk for the patch file and click
      "Open".
   6. Click "Upload". Your browser uploads the patch file to IWSVA
      and IWSVA validates if the file is a legitimate patch.
   7. Click "Install".

   Note: Applying this patch will interrupt the HTTP and FTP services
         for several minutes. Plan appropriately for this downtime.

   5.2 Uninstalling
   ===================================================================
   To roll back to the previous build:

   1. Log on to the IWSVA admin console GUI.
   2. Go to the "Administration > System Updates" page.
   3. Click "Uninstall" next to "patch1". A confirmation page
      appears.
   4. Verify the patch ID and description on the confirmation page.
   5. Click "Uninstall".

   Note: Removing this patch will interrupt the HTTP and FTP services
         for several minutes. Plan appropriately for this downtime.

6. Post-installation Configuration
======================================================================
No post-installation steps are required.

Note: Trend Micro recommends that you update your scan engine and
      virus pattern files immediately after installing the product.

7. Known Issues
======================================================================
There are no known issues for this patch release.

8. Release History
======================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download

9. Files Included in this Release
======================================================================
   Filename  Build No.
   ===================================================================
   libdaemon.so  1707
   svcmonitor  1707
   isdelvd  1707
   libiwsshelper.so  1707
   libproductbase.so  1707
   report_logsetting.jsp  1707
   lang.js  1707
   report_logsetting.js  1707
   IWSSGui.jar  1707
   IWSSPIDlpFilter.so  1707
   IWSSPIDpi.so  1707
   IWSSPIJavascan.so  1707
   IWSSPINcie.so  1707
   IWSSPIScanVsapi.so  1707
   IWSSPISigScan.so  1707
   IWSSPIUrlFilter.so  1707
   libftp.so  1707
   libhttpproxy.so  1707
   libicap.so  1707
   tmpstring.js  1707
   allwidgets.json  1707
   log_agent.ini  1707
   iwss_log_converter.py  1707
   logFilteringByHits.py  1707
   common_id.py  1707
   client.py  1707
   syncclientcert.sh  1707
   HttpsClientCertTunnelDomains.ini  1707
   https_clientcertificate_tunneling.jsp  1707
   httpsdecrypt_client_certificate_handling.jsp  1707
   libuiauutil.so  1707
   libHTTPSDecryption.so  1707
   lg_remove_old_clientcert.sql  1707
   ui_GetDiffCountsLogClientCertificateOnedayuser.sql  1707
   ui_GetDiffLogClientCertificate.sql  1707
   ui_GetCountsLogClientCertificatedomain.sql  1707
   ui_GetDiffCountsLogClientCertificateSevendaydomain.sql  1707
   ui_GetDiffLogClientCertificateuserdomain.sql  1707
   ui_GetCountsLogClientCertificateOnedaydomain.sql  1707
   ui_GetDiffCountsLogClientCertificateSevenday.sql  1707
   ui_GetDiffLogClientCertificateuser.sql  1707
   ui_GetCountsLogClientCertificateOneday.sql  1707
   ui_GetDiffCountsLogClientCertificateSevendayuserdomain.sql  1707
   ui_GetLogClientCertificatedomain.sql  1707
   ui_GetCountsLogClientCertificateOnedayuserdomain.sql  1707
   ui_GetDiffCountsLogClientCertificateSevendayuser.sql  1707
   ui_GetLogClientCertificateOnedaydomain.sql  1707
   ui_GetCountsLogClientCertificateOnedayuser.sql  1707
   ui_GetDiffCountsLogClientCertificate.sql  1707
   ui_GetLogClientCertificateOneday.sql  1707
   ui_GetCountsLogClientCertificateSevendaydomain.sql  1707
   ui_GetDiffCountsLogClientCertificateuserdomain.sql  1707
   ui_GetLogClientCertificateOnedayuserdomain.sql  1707
   ui_GetCountsLogClientCertificateSevenday.sql  1707
   ui_GetDiffCountsLogClientCertificateuser.sql  1707
   ui_GetLogClientCertificateOnedayuser.sql  1707
   ui_GetCountsLogClientCertificateSevendayuserdomain.sql  1707
   ui_GetDiffLogClientCertificatedomain.sql  1707
   ui_GetLogClientCertificateSevendaydomain.sql  1707
   ui_GetCountsLogClientCertificateSevendayuser.sql  1707
   ui_GetDiffLogClientCertificateOnedaydomain.sql  1707
   ui_GetLogClientCertificateSevenday.sql  1707
   ui_GetCountsLogClientCertificate.sql  1707
   ui_GetDiffLogClientCertificateOneday.sql  1707
   ui_GetLogClientCertificateSevendayuserdomain.sql  1707
   ui_GetCountsLogClientCertificateuserdomain.sql  1707
   ui_GetDiffLogClientCertificateOnedayuserdomain.sql  1707
   ui_GetLogClientCertificateSevendayuser.sql  1707
   ui_GetCountsLogClientCertificateuser.sql  1707
   ui_GetDiffLogClientCertificateOnedayuser.sql  1707
   ui_GetLogClientCertificate.sql  1707
   ui_GetDiffCountsLogClientCertificatedomain.sql  1707
   ui_GetDiffLogClientCertificateSevendaydomain.sql  1707
   ui_GetLogClientCertificateuserdomain.sql  1707
   ui_GetDiffCountsLogClientCertificateOnedaydomain.sql  1707
   ui_GetDiffLogClientCertificateSevenday.sql  1707
   ui_GetLogClientCertificateuser.sql  1707
   ui_GetDiffCountsLogClientCertificateOneday.sql  1707
   ui_GetDiffLogClientCertificateSevendayuserdomain.sql  1707
   ui_GetDiffCountsLogClientCertificateOnedayuserdomain.sql  1707
   ui_GetDiffLogClientCertificateSevendayuser.sql  1707
   left.jsp  1707
   ha_proxy_active_active.jsp  1707
   ha_proxy_active_standby.jsp  1707
   i18n_warnmsg.js  1707
   web.xml  1707
   iwsvafw.sh  1707
   ui_AddHaProxyDevice.sql  1707
   ui_AddHaProxyEvent.sql  1707
   ui_DeleteHaProxyAllDevice.sql  1707
   ui_DeleteHaProxyDevice.sql  1707
   ui_DeleteHaProxyEvent.sql  1707
   ui_GetHaProxyDevice.sql  1707
   ui_GetHaProxyDeviceCount.sql  1707
   ui_GetHaProxyDeviceList.sql  1707
   ui_GetHaProxyEventList.sql  1707
   libcommoncache.so  1707
   jscan.jar  1707
   libIWSSAuthClient.so  1707
   create_krb5.sh  1707
   AuthDaemon  1707
   LdapSyncTool  1707
   libcommonldap.so  1707
   test_configure  1707
   http_config_user_idetification.jsp  1707
   ldapUtil.js  1707
   iwsvaAdmin.properties  1707
   ransomware_dashboard.jsp  1707
   iwsvaHttp.properties  1707
   dashboard.html  1707
   ca_converter.py  1707
   urlblocking.jsp  1707
   trustedurl.jsp  1707
   commonurllist.js  1707
   DiagnosticTool.sh  1707
   ConfigCMP.py  1707
   diagnostic_tool.ini  1707
   httpsdecrypt_ssl_method.jsp  1707
   LDAP_query_handler.py  1707
   email_sender.py  1707
   FtpDownload.sh  1707
   libtmprotocols.so.2003317  1707
   cache_helper.sh  1707
   rcIwss  1707
   IWSVA_6.5-SP1_Linux.tar  1707
   wccpd_monitor.py  1707
   report_task.py  1707
   report_template.py  1707
   notifications_smtp.jsp  1707
   email_sender_logging.ini  1707
   libtmuseng.so.1.0.1013  1707
   db_table_convert_6.5sp1_to_6.5sp2.py  1707
   agent_config.py  1707
   rule_file_va6.5sp1_to_va6.5sp2.xml  1707
   iwss-process  1707
   S99ISproxy  1707
   CollectProductInfo.sh  1707
   CDT_Config.ini  1707
   ftp_config_action.jsp  1707
   ftp_config_dlp.jsp  1707
   ftp_config_exception.jsp  1707
   ftp_config_spyware.jsp  1707
   report_action.jsp  1707
   report_action.js  1707
   report_engine.py  1707
   report_config.py  1707
   report_config.ini  1707
   dashboard_settings.js  1707

10. Contact Information
======================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, you must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website
to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
======================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2016, Trend Micro Incorporated. All rights reserved.
Trend Micro, InterScan, and the t-ball logo are trademarks of Trend
Micro Incorporated and are registered in some jurisdictions. All
other marks are the trademarks or registered trademarks of their
respective companies.

12. License Agreement
======================================================================
View information about your license agreement with Trend Micro at:
http://www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide