Trend Micro Incorporated                                October 21, 2016
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) ScanMail(TM) for IBM(TM) Domino(TM)
for Microsoft(TM) Linux(TM) 5.6 64-bit
Patch 2 - Build 4751
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.

GM release documentation:
http://docs.trendmicro.com

Patch/Service Pack release documentation:
http://www.trendmicro.com/download

TIP: Register online with Trend Micro within 30 days of installation
to continue downloading new pattern files and product updates from the
Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM

Contents
==========================================================
1.  About ScanMail for IBM Domino for Linux
    1.1 Overview of This Release
    1.2 Who Should Install This Release
2.  What's New
    2.1 Enhancements
    2.2 Resolved Known Issues
3.  Documentation Set
4.  System Requirements
5.  Installation
    5.1 Installing
    5.2 Uninstalling
6.  Post-Installation Configuration
7.  Known Issues
8.  Release History
    8.1 Patch 1
9.  Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
==========================================================

1. About ScanMail for IBM Domino for Linux
======================================================================
ScanMail for IBM Domino for Linux works in real time to prevent
viruses, malicious code, and unwanted content from entering your
Domino environment through mail, replication, or infected documents.

   1.1 Overview of this Release
   ===================================================================
   This Patch consolidates all previous hotfix releases of ScanMail
   for IBM Domino for Linux 5.6 64-bit.

   1.2 Who Should Install this Release
   ===================================================================
   Install this release if you are running the 64-bit version of
   ScanMail for IBM Domino for Linux 5.6.

2. What's New
======================================================================
NOTE: Please install this patch before completing any procedure in
this section (see "Installation").

This patch addresses the following issues and includes the following
enhancements:

   2.1 Enhancements
   ===================================================================
   The following enhancements are included in this release:

   no TT no Hotfix
   Enhancement 1: Advanced Threat Scan Engine - This patch enables
      ScanMail for Domino for Linux 5.6 to support the following new
      features of the Advanced Threat Scan Engine (ATSE):

      - "HEUR_HAS_MACR" rule (ATSE 9.740.1102 and higher builds)
      - aggressive rules level (ATSE 9.750.1016 and higher builds)

   Procedure 1: To enable the "HEUR_HAS_MACR" rule:

      a. Install this patch (see "Installation").
      b. Update the ATSE engine to version 9.826.1149 or any higher
         version.
      c. In "smconf.nsf", select the "Scan Options > APT Prevention
         Filter > Select attachments to scan > Office with Macros"
         option.

      To set the aggressive rule level:

      a. Install this patch (see "Installation").
      b. Update the ATSE engine to version 9.826.1149 or any higher
         version.
      c. In "smconf.nsf", select the "Scan Options > Security Risk
         Scan > Scan Mode Settings > Enable Advanced Threat Scan
         Engine > Scan Level" option and set the preferred level.

   SBM333491 SMID5.6 Win EN 4666
   Enhancement 2: [Hotfix 4666] Scan Settings - This patch allows
      users to enable the following two options under the "Default
      Mail Scan > Scan Options > APT Prevention Filter > Scan
      Settings > Select attachments to scan" setting simultaneously:

      - Suspicious files detected by Advanced Threat Scan Engine
      - Files with specified type

   SBM333491 SMID5.6 Win EN 4666
   Enhancement 3: [Hotfix 4666] Trend Micro Deep Discovery Analyzer -
      This patch enables ScanMail for Domino for Linux 5.6 to support
      Deep Discovery Analyzer 5.5 servers.

   SBM346374 SMID5.6 Lin EN 4705
   Enhancement 4: [Hotfix 4705] Security Logs - This patch adds the
      following information in security logs that ScanMail for IBM
      Domino sends to Trend Micro Control Manager(TM).

      Attribute ID:   SLF_CategoryIDList
      Data Type:      X_WSTRING
      Value:          Category/categories returned by the TMUFE
                      query; each category is separated by a
                      comma ","
      Maximum Length: 64 characters

   no TT no Hotfix
   Enhancement 5: Deep Discovery Advisor - This patch adds the
      following settings in the Deep Discovery Advisor Settings for
      communicating with the Deep Discovery Advisor server.

      - Maximum wait time for analysis ratings
      - Action on unanalyzed risks

   SBM347741 no Hotfix
   Enhancement 6: ATSE Advanced File Information - This patch allows
      users to enable ScanMail for IBM Domino to use ATSE Advanced
      File Information (AFI) to retrieve the file information of
      executable files, script files (VBE, VBS, JS, JSE, WSF, and
      PS1) that are not virus scanned by the engine, and macro files
      and to send these files to Deep Discovery Advisor for analysis.

   Procedure 6: To enable ScanMail for IBM Domino to use ATSE AFI to
      retrieve the executable files information:

      a. Install this patch (see "Installation").
      b. In "smconf.nsf", select the "Scan Options > APT Prevention
         Filter > Select attachments to scan > Windows Executables"
         option.

      To enable ScanMail for IBM Domino to use ATSE AFI to retrieve
      the script files information:

      a. Install this patch (see "Installation").
      b. In "smconf.nsf", select the "Scan Options > APT Prevention
         Filter > Select attachments to scan > Scripts" option.

   NOTE: The following hidden keys will no longer work after you
         install this patch.

         - SMD_ATSE_HEUR_HAS_MACR_ENABLED
         - SMD_ATSE_RULE_LEVEL

   2.2 Resolved Known Issues
   ===================================================================
   This patch resolves the following issues:

   SBM339492 SMID5.6 Lin HFB4686
   Issue 1: ScanMail for IBM Domino may stop unexpectedly while
      scanning password-protected compressed file attachments.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: [Hotfix 4663] This patch upgrades the eManager(TM)
      engine to ensure that ScanMail for IBM Domino can scan
      password-protected compressed file attachments.

   SBM328665 SMID5.6 windows HFB4673
   Issue 2: An email message may be delivered to a restricted group
      that the email sender cannot access. This may happen because
      ScanMail for IBM Domino for Windows needs to expand restricted
      groups and display its members before it can match rules
      correctly.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: [Hotfix 4673] This patch resolves the issue by allowing
      users to configure ScanMail for IBM Domino for Linux to skip
      restricted groups and match rules for unrestricted groups only.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 2: To enable this error-handling mechanism:

      a. Install this patch (see "Installation").
      b. Add the "SMDFilterUnexpandedGroup" hidden key to the
         "notes.ini" file and set its value to "1".
      c. Save the changes and close the file.
      d. Restart SMDreal.

   SBM335869 SMID5.6 windows HFB4678
   Issue 3: ScanMail for IBM Domino for Linux cannot detect
      configuration changes in the smlists database automatically. As
      a result, users need to reload the smdreal process to update the
      configuration.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: [Hotfix 4678] This patch enables ScanMail for IBM
      Domino for Linux to update the smlists database configuration
      automatically.

   SBM335736 ISD5.6 windows HFB4679
   Issue 4: An issue prevents ScanMail for IBM Domino for Linux from
      matching sender email addresses with the addresses in the
      approved and blocked senders lists of the anti-spam scanner
      correctly.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4: [Hotfix 4679] This patch improves the way ScanMail for
      IBM Domino for Linux extracts the sender information from email
      messages to help ensure that it can match the information to the
      approved and blocked senders lists.

   SBM335056 no Hotfix
   Issue 5: ScanMail for IBM Domino for Linux will attempt to convert
      native encoding to UTF-8 if the attachment identification
      function of the eManager module encounters UTF-8 without BOM
      encoding.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 5: This hotfix updates the extract encoding method to
      enable ScanMail for IBM Domino for Linux to skip the information
      and pass it to the engine for processing.

3. Documentation Set
======================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

In addition to this readme.txt, the documentation set for this product
includes the following:

- Online Help: The Online Help contains an overview of features and
  key concepts, and information on configuring and maintaining
  ScanMail for IBM Domino for Linux.

  To access the Online Help, go to http://docs.trendmicro.com

- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on
  configuring and maintaining ScanMail for IBM Domino for Linux.

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues.

  To access the Support Portal, go to http://esupport.trendmicro.com

4. System Requirements
======================================================================
Trend Micro recommends installing the 64-bit version of ScanMail for
IBM Domino for Linux 5.6 Service Pack 1 Build 4594 before installing
this Patch.

5. Installation
======================================================================
This section explains key steps for installing this patch.

   5.1 Installing
   ===================================================================
   To install:

   1. Copy the "smid_56_lx64_en_sp1_patch2_b4751.tar.gz" installation
      file to a local folder.

   2. Extract the contents of the installation file by running the
      following command:

      tar -zvxf smid_56_lx64_en_sp1_patch2_b4751.tar.gz

   3. Go to the "smid_56_lx64_en_sp1_patch2_b4751" folder.

   4. Run the following command:

      ./UPDSilent

   The "SMLD: Build 5.6.1.4751" message appears on the Domino console
   after the system completes the installation.

   5.2 Uninstalling
   ===================================================================
   To roll back to the previous build:

   1. Go to the "$SMLD_Binary_Folder/hotfix" directory.

   2. Run the following command:

      ./UPDSilent /u B4751

6. Post-installation Configuration
======================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and
      virus pattern files immediately after installing the product.

7. Known Issues
======================================================================
There are no known issues for this release.

8. Release History
======================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download

   8.1 Patch 1
   ===================================================================

      8.1.1 Enhancements
      ===============================================================
      The following enhancements are included in this release:

      Enhancement 1: Trend Micro Data Loss Prevention(TM) Template -
         The Data Loss Prevention (DLP) template has been updated to
         version 3.1.1005 to add the "My number" template.

      Enhancement 2: APT Prevention Filter - Some information in the
         "Scan Option > APT Prevention Filter" has been updated to
         provide a more accurate description, from "Detected by
         Advanced Threat Scan engine" to "Suspicious files detected
         by Advanced Threat Scan engine".

      Enhancement 3: WRS - WRS now supports the "Ransomware"
         category. This ensures that ScanMail for IBM Domino for
         Linux 5.6 can detect hyperlinks that contain ransomware and
         record this information in the log database.

      8.1.2 Resolved Known Issues
      ===============================================================
      The following issues have been resolved in this release:

      Issue 1: When ScanMail for IBM Domino for Linux 5.6 detects a
         virus in a compressed file, it still takes action on the
         compressed file even after it has successfully cleaned the
         virus from the file.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 1: ScanMail for IBM Domino for Linux 5.6 no longer
         takes action on a compressed file if it has successfully
         cleaned the virus from the file.

      Issue 2: The ScanMail for IBM Domino for Linux 5.6 attachment
         filter cannot filter attachments by extension names if it
         cannot retrieve the true file type of these attachments.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 2: The ScanMail for IBM Domino for Linux 5.6
         attachment filter now filters attachments by extension names
         even when it cannot retrieve the true file type of the
         attachments.

      Issue 3: When ScanMail for IBM Domino for Linux 5.6 scans an
         email message and the sender information is in the wrong
         format, for example "><..." or "...>", the SMDreal process
         stops unexpectedly and triggers the Domino server to stop
         unexpectedly.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 3: ScanMail for IBM Domino for Linux 5.6 can now
         handle these messages properly.

      Issue 4: When both the "Security Risk Scan > Selected files"
         and the "APT Prevention Filter > File with specified types"
         options are selected, ScanMail for IBM Domino for Linux 5.6
         cannot send messages to Deep Discovery Advisor for analysis.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 4: ScanMail for IBM Domino for Linux 5.6 can now
         successfully send messages to Deep Discovery Advisor for
         analysis under the scenario described above.

      Issue 5: When the "APT Prevention Filter > File with specified
         types > Executables and applications" option is selected,
         ScanMail for IBM Domino for Linux 5.6 does not take action
         on an ordinary x64 EXE/DLL file because it does not
         recognize that this type of file is under the "Executables
         and applications" category.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 5: ScanMail for IBM Domino for Linux 5.6 can now
         correctly recognize x64 EXE/DLL files.

      Issue 6: The Deep Discovery Analyzer server does not accept
         certain samples of email messages from ScanMail for IBM
         Domino for Linux 5.6.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 6: ScanMail for IBM Domino for Linux 5.6 now encodes
         email message samples in UTF-8 or URL-encodes the samples
         before sending these to Deep Discovery Analyzer for
         analysis.

      Issue 7: The End User Quarantine (EUQ) function does not work
         when "Cluster Trusting" is enabled.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 7: The EUQ function now runs normally when "Cluster
         Trusting" is enabled.

      Issue 8: When users select one engine and one pattern file for
         update through the console, and the engine file is already
         up-to-date while the pattern file is not, ScanMail for
         Domino for Linux 5.6 cannot save the latest pattern files in
         the "smdtemp/au/pattern" folder. If this happens, ScanMail
         cannot perform an incremental pattern update on the next
         pattern update.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 8: ScanMail for Domino for Linux 5.6 can now
         successfully save the latest pattern files in the
         "smdtemp/au/pattern" folder.

      Issue 9: ScanMail for Domino for Linux 5.6 cannot send outbound
         messages that trigger rules to Deep Discovery Advisor for
         analysis if these messages do not contain any sender
         information or if ScanMail cannot retrieve the sender
         information.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 9: ScanMail for Domino for Linux 5.6 can now send
         these messages to Deep Discovery Advisor for analysis.

      Issue 10: When the "SMD_UPD_START_NEW_SCANNER" setting is
         configured in "notes.ini", all SMDreal processes restart
         when an engine or pattern is deployed. However, an issue
         prevents ScanMail from properly calculating the total number
         of SMDreal processes. As a result, the total number of
         running SMDreal processes increases significantly.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 10: The total number of running SMDreal processes is
         now calculated correctly.

      Issue 11: The ScanMail for IBM Domino DLP filter may generate a
         false positive when it scans a Microsoft Excel file and is
         triggered by the combined contents of adjacent cells.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 11: Users can now allow only the contents of a single
         cell to trigger the DLP filter.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Procedure 11: To enable this solution:

         a. Open "notes.ini" using a text editor.
         b. Add the "SMD_ENABLE_STRICT_ENTITY_MATCH" hidden key to
            "notes.ini" and set its value to "1".

            Note: To revert to the old behavior, set the value to
                  "0".

         c. Save the changes and close "notes.ini".
         d. Restart SMDreal.

      Issue 12: ScanMail for IBM Domino for Linux 5.6 may stop
         unexpectedly while the attachment filter scans a compressed
         file that contains files with long path names.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Solution 12: ScanMail for IBM Domino for Linux 5.6 can now scan
         this type of compressed file.

9. Files Included in this Release
======================================================================

   Filename                              Build No.
   -------------------------------------------------------------------
   libsmddbs.so                          5.6.1.4751
   libsmddtas.so                         5.6.1.4751
   libsmdemf.so                          5.6.1.4751
   libsmdext.so                          5.6.1.4751
   libsmdreal.so                         5.6.1.4751
   libsmdsch.so                          5.6.1.4751
   libsmdupd.so                          5.6.1.4751
   libProductLib.so                      5.6.1.4751
   libsmdmon.so                          5.6.1.4751
   libupdsmd.so                          N/A
   smconf.ntf                            N/A
   smmsg.nsf                             N/A
   smquar.ntf                            N/A

   DLP template                          3.1.1005
   -------------------------------------------------------------------
   PredefinedDLPPolicy.dat
   -------------------------------------------------------------------

   eManager module                       7.5.0.1235
   -------------------------------------------------------------------
   adj.dat
   adj.idx
   adv.dat
   adv.idx
   american-name.txt
   cme.conf
   etyv
   libcme_dll.so
   libcme_vxe_dll.so
   libcme_vxe_dll_static.so
   libdlpEngine.so.0
   libdtsearch.so
   libem_debug.so
   libem_helpr.so
   libem_RWLock.so
   libem_Thread.so
   libEmExpression.so
   libEmSynonym.a
   libicudata.so.51
   libicui18n.so.51
   libicuuc.so.51
   libvsapi.so
   noun.dat
   noun.idx
   Policy_full.xml
   spanish-name.txt
   tmpe.pol
   tmpeEnum.xml
   verb.dat
   verb.idx
   -------------------------------------------------------------------

10. Contact Information
======================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year, you
must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
======================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2016, Trend Micro Incorporated. All rights reserved.
Trend Micro, ScanMail, Control Manager, eManager, Data Loss
Prevention, and the t-ball logo are trademarks of Trend Micro
Incorporated and are registered in some jurisdictions. All other marks
are the trademarks or registered trademarks of their respective
companies.

12. License Agreement
======================================================================
View information about your license agreement with Trend Micro at:
http://www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide
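
The hidden keys this readme names for "notes.ini" can be checked with a short script after the patch is installed, in particular the two keys that section 2.1 says no longer work. This is an added example, not part of the Trend Micro readme or product; the function names, the case-insensitive key matching and the sample fragment are assumptions of the example.

```sh
#!/bin/sh
# Added example: audit notes.ini for the hidden keys named in this readme.

# Print the value of KEY in FILE; exit status 1 if the key is absent.
# Key names are matched case-insensitively and a repeated key reports its
# last line (both are choices of this example, not documented behaviour).
ini_get() {
    awk -v key="$1" '
        index($0, "=") > 0 {
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                found = 1
            }
        }
        END { if (found) print val; exit !found }
    ' "$2"
}

# Returns 0 if clean, 1 if an obsolete key is still set, 2 if unreadable.
audit_notes_ini() {
    file=$1; obsolete=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Keys the readme says stop working once Patch 2 is installed.
    for key in SMD_ATSE_HEUR_HAS_MACR_ENABLED SMD_ATSE_RULE_LEVEL; do
        if val=$(ini_get "$key" "$file"); then
            echo "OBSOLETE $key=$val (no effect after Patch 2; use smconf.nsf)"
            obsolete=1
        fi
    done
    # Other hidden keys the readme documents: report their current state.
    for key in SMDFilterUnexpandedGroup SMD_ENABLE_STRICT_ENTITY_MATCH \
               SMD_UPD_START_NEW_SCANNER; do
        val=$(ini_get "$key" "$file") || val="<not set>"
        echo "INFO $key=$val"
    done
    return $obsolete
}

# Constructed sample fragment (not from a real server), used when no path
# is given on the command line.
make_sample() {
    cat <<'EOF'
[Notes]
SMDFilterUnexpandedGroup=1
SMD_ATSE_RULE_LEVEL=2
smd_enable_strict_entity_match = 0
EOF
}

if [ "$#" -gt 0 ]; then
    audit_notes_ini "$1"
else
    tmp=$(mktemp) && make_sample > "$tmp"
    audit_notes_ini "$tmp" || echo "obsolete keys found in sample"
    rm -f "$tmp"
fi
```

Run it with the path to the server's "notes.ini" as the only argument; an OBSOLETE line means the setting has to be re-applied through the "smconf.nsf" options described in Procedure 1.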