Trend Micro, Inc.                                        March 14, 2017
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Email Inspector 2.5 Service Pack 1
Critical Patch - Build 1182
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
===================================================================
1.  Critical Patch Release Information
    1.1 Issues
    1.2 Files Included in this Release
2.  Documentation Set
3.  System Requirements
4.  Installation/Uninstallation
    4.1 Installation
    4.2 Uninstallation
5.  Post-installation Configuration
6.  Known Issues
7.  Release History
    7.1 Prior Hot Fixes/Critical Patches
8.  Contact Information
9.  About Trend Micro
10. License Agreement
===================================================================


1. Critical Patch Release Information
=======================================================================

   1.1 Issues
   ====================================================================
   This Critical Patch resolves the following issues:

   Issue 1:     In Deep Discovery Email Inspector, the Apache and
                Postfix modules may use Data Encryption Standard (DES)
                or triple DES ciphers for the SSL/TLS protocol. This
                exposes the product to the CVE-2016-2183
                vulnerability.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1:  This Critical Patch resolves the vulnerability by
                disabling DES and triple DES ciphers in Deep Discovery
                Email Inspector.

   Issue 2:     Redundant and useless PHP and HTML files cause
                vulnerabilities in the Deep Discovery Email Inspector
                web console.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2:  This Critical Patch removes the redundant and useless
                PHP and HTML files to resolve the vulnerabilities.

   Issue 3:     High CPU Usage alerts display inaccurate CPU usage
                information.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3:  This Critical Patch ensures that the CPU usage
                information in High CPU Usage alerts is consistent
                with the information on the "Triggered Alerts" page.


   1.2 Files Included in this Release
   ====================================================================

   A. Files for Current Issues
   --------------------------------------------------------------------
   Filename                                          Build No.
   --------------------------------------------------------------------
   ddei_25_sp1_lx_en_criticalpatch1182.tgz.tar       1182

   B. Files for Previous Issues
   --------------------------------------------------------------------
   Not applicable


2. Documentation Set
=======================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and
  key concepts, and information on configuring and maintaining Deep
  Discovery Email Inspector.

  To access the Online Help, go to http://docs.trendmicro.com

- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on
  configuring and maintaining Deep Discovery Email Inspector.

- Quick Start Card (QSC): The Getting Started Guide contains product
  overview, installation planning, installation and configuration
  instructions, and basic information intended to get Deep Discovery
  Email Inspector "up and running".

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues.

  To access the Support Portal, go to http://esupport.trendmicro.com


3. System Requirements
=======================================================================
Trend Micro recommends installing this Critical Patch only on the EN
version of Deep Discovery Email Inspector 2.5.1 Build 1118.


4. Installation
=======================================================================
This section explains key steps for installing the Critical Patch.

   4.1 Installing
   ====================================================================
   To install:

   1. Click "Administration > Product Updates > Hot Fixes / Patches".
      The "Hot Fixes / Patches" screen appears.

   2. Click "Browse" and select the
      "ddei_25_sp1_lx_en_criticalpatch1182.tgz.tar" critical patch
      file.

   3. Click "Apply".

   4. Verify that the Critical Patch has been successfully installed.

      a. Click "Administration > Product Updates > Hot Fixes /
         Patches". In the "History" table, verify that "Build" is
         "1182" and "Description" is "Critical patch 1182".

      b. Click "Help > About". The "About" screen appears.

      c. Verify that "Hot fix" is "1182".

      Note: The software version of the device will NOT change after
            applying this hotfix. Deep Discovery Email Inspector will
            restart automatically after Critical Patch installation.

   5. Clean the browser cache.

   4.2 Uninstalling
   ====================================================================
   To roll back to the previous build:

   1. Click "Administration > Product Updates > Hot Fixes / Patches".
      The "Hot Fixes / Patches" screen appears.

   2. Click "Roll Back".

   3. Verify that the Critical Patch has been successfully
      uninstalled.

      a. After Deep Discovery Email Inspector restarts, verify that
         the hotfix number has been removed from the "About" screen
         on the management console.

      b. Click "Administration > Product Updates > Hot Fixes /
         Patches". The "History" table should be empty.

   NOTE: Deep Discovery Email Inspector will restart automatically
         after Critical Patch uninstallation.


5. Post-Installation Configuration
=======================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and
      virus pattern files immediately after installing the product.


6. Known Issues
=======================================================================
There are no known issues for this hotfix release.


7. Release History
=======================================================================
For more information about updates to this product, go to:

http://www.trendmicro.com/download

   7.1 Prior Hotfixes
   ====================================================================
   NOTE: Only this hotfix was tested for this release. Prior hotfixes
         were tested at the time of their release.

   Hotfix 1121

   Enhancement:    This hotfix adds a hidden configuration page to
                   allow users to disable the detection log upload to
                   Trend Micro Control Manager(TM).

   Procedure:      To disable the detection log upload to Control
                   Manager:

                   a. Access "https://DDEI/hidden/rdqa.php" through a
                      web browser window and log in using a valid
                      account and password.

                   b. Go to the "Internal Support and Testing > TMCM
                      Setting" page.

                   c. Select the corresponding checkbox.

                   d. Click "Save".

   Hotfix 1124

   Issue:          Deep Discovery Email Inspector may not be able to
                   scan PDF files that are encrypted with "document
                   opening require password" or "require password for
                   other actions" protection because it cannot
                   distinguish these two types from each other.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution:       This hotfix enables Deep Discovery Email Inspector
                   to distinguish between a PDF file that has been
                   encrypted with "document opening require password"
                   protection and one with "require password for other
                   actions" protection.

   Enhancement 1:  This hotfix updates the Usandbox module to enable
                   it to support cmd and bat script file types.

   Enhancement 2:  This hotfix enables the "Image Import Tool" to
                   import images that are between 10 to 12 GB in size
                   successfully.

   Hotfix 1131

   Issue:          A browser compatibility issue prevents some
                   contents of the Blocking and Warning Pages of the
                   Deep Discovery Email Inspector web console from
                   displaying correctly in Microsoft(TM) Internet
                   Explorer(TM).
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution:       This hotfix ensures that the Blocking and Warning
                   Pages display normally in Internet Explorer.

   Hotfix 1134

   Issue:          Deep Discovery Email Inspector still attempts to
                   insert an end stamp to email messages that do not
                   contain an email body.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution:       This hotfix prevents Deep Discovery Email Inspector
                   from inserting an end stamp to email messages that
                   do not have an email body.

   Hotfix 1136

   Issue 1:        When Deep Discovery Email Inspector checks
                   user-specified recipient email addresses for
                   notification and reports recipients, it may treat
                   certain internal domain email addresses as invalid.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1:     This hotfix updates the checking logic to ensure
                   that it can correctly recognize and allow the
                   affected internal domain addresses.

   Issue 2:        When users add objects in the "Policy > Exceptions"
                   page, the time information is displayed in UTC time
                   instead of in the local time.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2:     This hotfix ensures that the "Exceptions" page
                   displays time information in the local time.

   Issue 3:        Sometimes, Deep Discovery Email Inspector cannot
                   translate the NIC name from "em" to "eth", which
                   may prevent it from starting successfully.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3:     This hotfix resolves the NIC translation issue to
                   ensure that Deep Discovery Email Inspector can
                   start up successfully.

   Hotfix 1138

   Issue 1:        Users encounter a web browser compatibility issue
                   while accessing the Blocking and Warning Pages of
                   the Deep Discovery Email Inspector console in
                   Internet Explorer.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1:     This hotfix resolves the issue to ensure that users
                   can access the Blocking and Warning Pages of the
                   Deep Discovery Email Inspector console in Internet
                   Explorer.

   Issue 2:        When an email message contains two identical
                   malicious file attachments, Deep Discovery Email
                   Inspector removes just one of the attachments.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2:     This hotfix ensures that Deep Discovery Email
                   Inspector removes all malicious file attachments
                   from email messages.

   Issue 3:        When users log on to the Deep Discovery Email
                   Inspector web console by Single Sign-On (SSO) from
                   the Control Manager console, they may encounter a
                   "Permission denied" message while attempting to
                   access certain pages of the Deep Discovery Email
                   Inspector web console.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3:     This hotfix ensures that users can access the pages
                   of the Deep Discovery Email Inspector web console
                   through SSO from Control Manager normally.

   Hotfix 1142

   Enhancement 1:  This hotfix updates the Usandbox module.

   Enhancement 2:  This hotfix enables the "EnablePauseVM" setting in
                   the sandbox module to prevent it from triggering
                   the "Virtual Analyzer Stopped" alert in certain
                   scenarios.

   Hotfix 1144

   Issue:          Deep Discovery Email Inspector may not be able to
                   recognize some email formats, which prevents it
                   from parsing the attachments or URLs of specially
                   formatted email messages.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution:       This hotfix enables Deep Discovery Email Inspector
                   to parse attachments and URLs in email messages
                   that follow certain special formats.

   Enhancement 1:  This hotfix updates the TmMsg module to recognize
                   email formats that contain strings after the last
                   boundary.

   Enhancement 2:  This hotfix optimizes the Threat Connect hyperlink
                   to ensure that it redirects to the correct page.

   Hotfix 1151

   Issue 1:        The "Msgtracing" page of Deep Discovery Email
                   Inspector sometimes does not show the email log
                   with "no risk" level.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1:     This hotfix ensures that the "Msgtracing" page
                   shows all the email logs, including the "no risk"
                   email log.

   Issue 2:        Deep Discovery Email Inspector sometimes restarts
                   unexpectedly.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2:     This hotfix disables the Huge Pages parameter of
                   Java to avoid the unexpected system restart.

   Issue 3:        Deep Discovery Email Inspector sometimes cannot
                   handle some shortened URLs correctly.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3:     This hotfix enhances the logic of the URL extractor
                   part to handle special shortened URLs.

   Hotfix 1159

   Enhancement 1:  This hotfix fixes some user interface (UI)
                   vulnerabilities to improve the security of the
                   front-end interface.

   Enhancement 2:  This hotfix enhances the scanning workflow so that
                   Deep Discovery Email Inspector (DDEI) can extract
                   files linked and embedded in Microsoft(TM)
                   Office(TM) files and then send these on to Virtual
                   Analyzer if the true file type is supported and
                   selected.

   Hotfix 1165

   Issue:          Deep Discovery Email Inspector fails to parse
                   encrypted PDF samples consisting of image files.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution:       This hotfix enables Deep Discovery Email Inspector
                   to parse encrypted PDF samples consisting of image
                   files.

   Enhancement 1:  This hotfix adds a hyperlink to allow users to
                   download quarantined emails detected as malformed.

   Hotfix 1173

   Enhancement 1:  This hotfix modifies the CPU alert mechanism to
                   avoid incorrect declarations.

   Enhancement 2:  This hotfix adds a logic that filters exception
                   configurations synchronized with Control Manager.

   Enhancement 3:  This hotfix updates the Usandbox module to enable
                   it to support Scalable Vector Graphics (SVG) and
                   Microsoft(TM) Publisher 2016 file types.

   Hotfix 1181

   Issue 1:        Trend Micro Control Manager(TM) may not be able to
                   parse certain detection logs that it receives from
                   Deep Discovery Email Inspector.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1:     This hotfix ensures that all detection logs that
                   Deep Discovery Email Inspector sends to Control
                   Manager can be parsed without issues.

   Issue 2:        When users set the time zone setting to a
                   non-integer number, the wrong time zone setting
                   appears on the Deep Discovery Email Inspector web
                   console.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2:     This hotfix ensures that the correct time zone
                   setting appears on the Deep Discovery Email
                   Inspector web console.

   Issue 3:        A message tracing log remains in "Pending" status
                   when the sender's email address contains certain
                   special characters.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3:     This hotfix resolves the issue to ensure that the
                   Msgtracing module can handle the email status
                   information correctly.

   Enhancement:    This hotfix enables the URL extraction module to
                   handle URLs that contain a zero width space
                   character.


8. Contact Information
=======================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year, you
must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.


9. About Trend Micro
=======================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2017, Trend Micro Incorporated. All rights reserved.
Trend Micro, Control Manager, and the t-ball logo are trademarks of
Trend Micro Incorporated and are registered in some jurisdictions. All
other marks are the trademarks or registered trademarks of their
respective companies.


10. License Agreement
=======================================================================
View information about your license agreement with Trend Micro at:

www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide