<> Trend Micro Incorporated August 16, 2018 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ScanMail(TM) for IBM(TM) Domino(TM) for Microsoft(TM) Windows(TM) 5.6 64-bit Patch 4 - Build 4857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/SP release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents =================================================================== 1. About ScanMail for IBM Domino for Windows 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 8.1 Patch 1 8.2 Patch 2 8.3 Patch 3 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About ScanMail for IBM Domino for Windows ======================================================================== ScanMail for IBM Domino for Windows works in real time to prevent viruses, malicious code, and unwanted content from entering your Domino environment through mail, replication, or infected documents. 1.1 Overview of This Release ===================================================================== This patch consolidates all previous hotfix releases of ScanMail for IBM Domino for Windows 5.6 64-bit. 1.2 Who Should Install This Release ===================================================================== Install this release if you are running ScanMail for IBM Domino for Windows 5.6 64-bit version. 2. What's New ======================================================================== Note: Please install the Patch/SP before completing any procedures in this section (see "Installation"). This patch addresses the following issues and/or includes the following enhancement(s): 2.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: [Hotfix 4827] This hotfix enables ScanMail for IBM Domino to mask (SEG 12365) the protected contents in the subject or mail body of an email message that triggers the Data Loss Prevention (DLP) filter when the "Mask content and pass" action is enabled. ScanMail for IBM Domino will mask the sensitive content in the subject or body of an email message starting from the first character but will show the last four characters. It will consider all characters in the original sensitive content as sensitive and will replace these contents including blanks with an asterisk "*". NOTE: The "Mask content and pass" action works only when the subject or body of the email message triggers the DLP filter and does not work when other parts of the mail ("From", "To", "CC", "attachment content", "attachment file name") match the DLP filter. Enhancement 2: [Hotfix 4851] This hotfix enables ScanMail for IBM Domino 5.6 to (SEG 25498) comply with General Data Protection Regulation (GDPR). Enhancement 3: This modification enables ScanMail for IBM Domino to allow the smdcm task to quit when the CMAgent setting is invalid instead of going into an endless loop waiting for the CMAgent setting to become valid again. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To prevent smdcm from waiting for the CMAgent setting to become valid: 1. Install this patch (see "Installation"). 2. Open the "notes.ini" file in the Domino data directory. 3. Add the "SMD_DISABLE_SMDCMOnNoReg" setting to the "notes.ini" file and set its value to "1". 4. Save the changes and close the file. 5. Restart smdcm. 2.2 Resolved Known Issues ===================================================================== NOTE: Please install the release before completing any procedures in this section (see "Installation"). This release resolves the following issues: Issue 1: Users receive the "Unable to load dynamic library 'nsmdupd.dll'" error message after running the "load smdupd" command on the Domino console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 4808] This hotfix allows users to enable ScanMail to use the Windows API to load a library if it cannot load the library using the Domino API. Installing this hotfix also enables users to add a debug log file for the library loading process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable ScanMail to use Windows API to load a library if it cannot load this library with Domino API: 1. Install this hotfix (see "Installation"). 2. Log on to the Domino console and run the following commands: * `set conf SMD_LOAD_LIBRARY_ABS=1` * `set conf SMD_WINDOWS_API_ENABLE=1` NOTE: To disable this option, set both keys to "0". To add a debug log file for the library loading process: 1. Install this hotfix (see "Installation"). 2. Log on to the Domino console and run the following command: * `set conf SMDLoaderDebug=1` NOTE: To disable this option, set the key to "0". Issue 2: The notes in the ScanMail Deep Discovery Advisor Quarantine Database indicate that some messages are in "Waiting for Upload to Deep Discovery Advisor" status even after the messages have been uploaded successfully. This happens because the notes cannot be updated when the UNK (Unique Key) table in the database exceeds the 64 KB limit. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 4824] This hotfix adds the "X_DTAS_SHA1_FILEINFO_RESULT" column to the UNK (Unique Key) table in the database to store the SHA1 value with the check results serialized into one single text list item (per SHA1 code). This allows the table to hold more information and help prevent it from exceeding the limit. NOTE: This hotfix only prevents the issue from occurring and does not reduce the size of the UNK table. If you have encountered the issue, you need to run the following command on the Domino console to reduce the size of the UNK table. * `load compact smd\smddtas.nsf -c` Issue 3: The content filter will not be triggered when the mail body size is larger than 64 KB. It is because there is a bug in code that results in not scanning content more than 64 KB in the message body. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This modification allows the content filter to be triggered normally when the mail body size is larger than 64 KB. Issue 4: ScanMail for IBM Domino holds an email message in the Deep Discovery Advisor quarantine database ("smddtas.nsf") when the following conditions occur: * ScanMail resends or forwards an email message from the ScanMail quarantine database("smquar.nsf") quarantined by the Advanced Persistent Threat (APT) Prevention Filter. * ScanMail resends or forwards the same email message to another server where ScanMail is working normally. * The "Send messages to Deep Discovery Advisor for analysis" configuration option is disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 4842] The ScanMail Deep Discovery Advisor quarantine database holds email messages due to the "DTAS_SUSPICIOUSFILE" tag. After applying this hotfix, ScanMail deletes the tag before the ScanMail quarantine database can resend or forward email messages. Issue 5: ScanMail for IBM Domino for Windows does not send a notification after detecting an EICAR ZIP file when the "Any uncleanable virus" option is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 4849] This hotfix resolves the issue by enabling ScanMail for IBM Domino for Windows to treat ZIP files that contain viruses as uncleanable. Issue 6: SMDDtas stops unexpectedly when it encounters an APT filter notification message that is exactly 2048 bytes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 4856] This hotfix resolves this issue by preventing the stack corruption issue caused by buffer overflow. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ScanMail for IBM Domino for Windows. To access the Online Help, go to http://docs.trendmicro.com - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ScanMail for IBM Domino for Windows. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ======================================================================== Trend Micro recommends installing the 64-bit version of ScanMail for IBM Domino for Windows 5.6 Service Pack 1 Build 4594 before installing this Patch. This patch includes Patch 1, Patch 2 and Patch 3. For Enhancement 2 of Patch 2, you must upgrade the ATSE engine to version 9.826.1149 or any higher version to enable the "HEUR_HAS_MACR" rule or to configure aggressive rules level. For Enhancement 2 of Patch 3, you must upgrade the VSAPI engine to version 9.800 or any higher version (preferably higher than 9.850) and the ATSE engine to version 9.860 or any higher version. Refer to Section 8.2 for more information. 5. Installation ======================================================================== Refer to the "Administrator's Guide" for detailed information. 5.1 Installing ===================================================================== To install: 1. Log on to the IBM Domino server as an "Administrator". 2. Close all active IBM Notes clients and account sessions. If no IBM Notes clients are open at this time, proceed to the next step. 3. Clear the password for the Domino console. If the Domino console is not password-protected, proceed to the next step. 4. Copy the "smid_56_win64_en_sp1_patch4.exe" file to a local folder on the ScanMail for IBM Domino for Windows server. 5. Double-click "smid_56_win64_en_sp1_patch4.exe". ScanMail for IBM Domino for Windows displays a message confirming that the patch installation was successful. 6. Click "Finish". The "SMID: Build 5.6.1.4857" message appears on the Domino console after the system completes the installation. 5.2 Uninstalling ===================================================================== To roll back to the previous build: 1. Log on to the IBM Domino server as an "Administrator". 2. Close all active IBM Notes clients and account sessions. If no IBM Notes clients are open at this time, proceed to the next step. 3. Browse to the backup folder in ScanMail for IBM Domino for Windows installation folder. For example, "c:\Program Files\ Trend Micro\ScanMail for Domino\Hotfix\B4857". 4. Run "uninstall.bat". 5. Click "Finish". 6. Post-Installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== There are no known issues in this release. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 8.1 Patch 1 =================================================================== 8.1.1 Enhancements =================================================================== The following enhancements are included in Patch 1: Enhancement 1: Trend Micro Data Loss Prevention(TM) Template - The Data Loss Prevention (DLP) template has been updated to add the "My number" template. Enhancement 2: APT Prevention Filter - Some information in the "Scan Option > APT Prevention Filter" has been updated to provide a more accurate description, from "Detected by Advanced Threat Scan engine" to "Suspicious files detected by Advanced Threat Scan engine". Enhancement 3: Web Reputation Service (WRS) - WRS now supports the "Ransomware" category. This ensures that ScanMail for IBM Domino for Windows 5.6 can detect hyperlinks that contain ransomware and to record these information in the log database. 8.1.2 Resolved Known Issues =================================================================== Patch 1 resolves the following issues: Issue 1: When ScanMail for IBM Domino for Windows 5.6 detects a virus in a compressed file, it still takes action on the compressed file even after it has successfully cleaned the virus from the file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 4609] ScanMail for IBM Domino for Windows 5.6 no longer takes action on a compressed file if it has successfully cleaned the virus from the file. Issue 2: The ScanMail for IBM Domino for Windows 5.6 attachment filter cannot filter attachments by extension names if it cannot retrieve the true file type of these attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 4599] The ScanMail for IBM Domino for Windows 5.6 attachment filter now filters attachments by extension names even if it cannot retrieve the true file type of the attachments. Issue 3: When ScanMail for IBM Domino for Windows 5.6 scans an email message and the sender information is in the wrong format, for example "><..." or "...>", the SMDreal process stops unexpectedly and triggers the Domino server to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: ScanMail for IBM Domino for Windows 5.6 can now handle these messages properly. Issue 4: When both the "Security Risk Scan > Selected files" and the "APT Prevention Filter > File with specified types" options are selected, ScanMail for IBM Domino for Windows 5.6 cannot send messages to Deep Discovery Advisor for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: ScanMail for IBM Domino for Windows 5.6 can now successfully send messages to Deep Discovery Advisor for analysis under the scenario described above. Issue 5: When the "APT Prevention Filter > File with specified types > Executables and applications" option is selected, ScanMail for IBM Domino for Windows 5.6 does not take action on an ordinary x64 EXE/DLL file because it does not recognize that this type of file is under the "Executables and applications" category. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: ScanMail for IBM Domino for Windows 5.6 now correctly recognizes x64 EXE/DLL files. Issue 6: The Deep Discovery Analyzer server does not accept certain samples of email messages from ScanMail for IBM Domino for Windows 5.6. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 4627] When ScanMail for IBM Domino for Windows 5.6 sends email message samples to Deep Discovery Analyzer for analysis, the samples are now encoded in UTF-8 or are URL-encoded. Issue 7: The End User Quarantine (EUQ) function does not work when "Cluster Trusting" is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: The EUQ function now runs normally when "Cluster Trusting" is enabled. Issue 8: When users select one engine and one pattern file for update through the console, and the engine file is already up-to-date while the pattern file is not, ScanMail for IBM Domino for Windows 5.6 cannot save the latest pattern files in the "smdtemp/au/pattern" folder. If this happens, ScanMail cannot perform an incremental pattern update on the next pattern update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: ScanMail for IBM Domino for Windows 5.6 can now successfully save the latest pattern files in the "smdtemp/au/pattern" folder. Issue 9: ScanMail for IBM Domino for Windows 5.6 cannot send outbound messages that trigger rules to Deep Discovery Advisor for analysis if these messages do not contain any sender information or if ScanMail cannot retrieve the sender information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: ScanMail for IBM Domino for Windows 5.6 can now send these messages to Deep Discovery Advisor for analysis. Issue 10: When the "SMD_UPD_START_NEW_SCANNER" setting is configured in "notes.ini", all SMDreal processes restart when an engine or pattern is deployed. However, an issue prevents ScanMail from properly calculating the total number of SMDreal processes; as a result, the total number of running SMDreal processes increases significantly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: The total number of running SMDreal processes is now calculated correctly. Issue 11: The ScanMail for IBM Domino DLP filter may generate a false positive when it scans a Microsoft(TM) Excel(TM) file and is triggered by the combined contents of adjacent cells. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: Users can now allow only the contents of a single cell to trigger the DLP filter. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 11: To enable this solution: a. Open "notes.ini" using a text editor. b. Add the "SMD_ENABLE_STRICT_ENTITY_MATCH" hidden key to "notes.ini" and set its value to "1". Note: To revert to the old behavior, set the value to "0". c. Save the changes and close "notes.ini". d. Restart SMDreal. Issue 12: ScanMail for IBM Domino for Windows 5.6 may stop unexpectedly while the attachment filter scans a compressed file that contains files with long path names. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [Hotfix 4644] ScanMail for IBM Domino for Windows 5.6 can now scan this type of compressed files. 8.2 Patch 2 =================================================================== 8.2.1 Enhancements =================================================================== The following enhancements are included in Patch 2: Enhancement 1: [Hotfix 4643] Web Reputation Service - This patch enables the Web Reputation Service (WRS) to support the "Ransomware" category. This ensures that ScanMail for IBM Domino for Windows 5.6 can detect hyperlinks that contain ransomware and to record these information in the log database. Enhancement 2: [Hotfix 4659] Advance Threat Scan Engine - This patch enables ScanMail for Domino for Windows 5.6 to support the following new features of the Advanced Threat Scan Engine (ATSE): - "HEUR_HAS_MACR" rule (ATSE 9.740.1102 and higher builds) - aggressive rules level (ATSE 9.750.1016 and higher builds) Procedure 2: To enable the "HEUR_HAS_MACR" rule: a. Install this patch (see "Installation"). b. Update the ATSE engine to version 9.826.1149 or any higher version. c. Open "notes.ini" using a text editor. d. Add the "SMD_ATSE_HEUR_HAS_MACR_ENABLED" hidden key to "notes.ini" and set its value to "1". Note: To disable the "HEUR_HAS_MACR" rule, set the value to "0". e. Save the changes and close "notes.ini". f. Restart SMDreal. To configure aggressive rules level: a. Install this patch (see "Installation). b. Update the ATSE engine to version 9.826.1149 or any higher version. c. Open "notes.ini" using a text editor. d. Add the "SMD_ATSE_RULE_LEVEL" hidden key to "notes.ini" and set its value to the preferred level between 0 and 4. Note: If "SMD_ATSE_RULE_LEVEL" is not configured or is set to "0", the aggressive rules level is set to "4" by default. e. Save the changes and close "notes.ini". f. Restart SMDreal. Enhancement 3: [Hotfix 4666] Scan Settings - This patch allows users to enable the following two options under the "Default Mail Scan > Scan Options > APT Prevention Filter > Scan Settings > Select attachments to scan" setting, simultaneously: - Suspicious files detected by Advanced Threat Scan Engine - Files with specified type Enhancement 4: [Hotfix 4666] Trend Micro Deep Discovery Analyzer - This patch enables ScanMail for Domino for Windows 5.6 to support Deep Discovery Analyzer 5.5 servers. Enhancement 5: [Hotfix 4705] Security Logs - This patch adds the following information in security logs that ScanMail for IBM Domino sends to Trend Micro Control Manager(TM). Attribute ID: SLF_CategoryIDList Data Type: X_WSTRING Value: Category/categories returned by the TMUFE query each category is separated by a comma "," Maximum Length: 64 characters Enhancement 6: Deep Discovery Advisor - This patch adds the following settings in the Deep Discovery Advisor Settings for communicating with the Deep Discovery Advisor server. - Maximum wait time for analysis ratings - Action on unanalyzed risks 8.2.2 Resolved Known Issues =================================================================== Patch 2 resolves the following issues: Issue 1: ScanMail for IBM Domino may stop unexpectedly while scanning password-protected compressed file attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 4663] This patch upgrades the eManager engine to ensure ScanMail for IBM Domino can scan password-protected compressed file attachments. Issue 2: An email message may be delivered to a restricted group that the email sender cannot access. This may happen because ScanMail for IBM Domino for Windows needs to expand restricted groups and display its members before it can match rules correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 4673] This patch resolves the issue by enabling ScanMail for IBM Domino for Windows to skip restricted groups and match rules for unrestricted groups only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To this error-handling mechanism: a. Install this patch (see "Installation"). b. Add the "SMDFilterUnexpandedGroup" hidden key to the "notes.ini" file and set its value to "1". c. Restart SMDreal. Issue 3: ScanMail for IBM Domino for Windows cannot detect configuration changes in the smlists database automatically. As a result, users need to reload the smdreal process to update the configuration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 4678] This patch enables ScanMail for IBM Domino for Windows to update the smlists database configuration automatically. Issue 4: An issue prevents ScanMail for IBM Domino for Windows from matching sender email addresses with the addresses in the approved and blocked senders lists of the anti-spam scanner correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 4679] This patch improves the way ScanMail for IBM Domino for Windows extracts the sender information from email messages to help ensure that it can match the information to the approved and blocked senders lists. Issue 5: The OpenSSL version used in ScanMail for IBM Domino is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix updates the MCP AgentSDK to resolve the vulnerability. Issue 6: ScanMail for IBM Domino for Windows will attempt to convert native encoding to UTF-8 if the attachment identification function of the eManager module encounters UTF-8 without BOM encoding. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix updates the extract encoding method to enable ScanMail for IBM Domino for Windows to skip the information and pass it to the engine for processing. 8.3 Patch 3 =================================================================== 8.3.1 Enhancements =================================================================== The following enhancements are included in Patch 3: Enhancement 1: [Hotfix 4732] This hotfix allows users to enable ScanMail for IBM Domino to use ATSE Advanced File Information (AFI) to retrieve the file information of executable files, script files (VBE, VBS, JS, JSE, WSF, and PS1) that were not virus scanned by the engine, and macro files and to send these files to Trend Micro Deep Discovery Advisor. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To enable ScanMail for IBM Domino to use ATSE AFI to retrieve the file information: a. Install this hotfix (see "Installation"). b. Open "notes.ini" using a text editor. c. Add the following hidden keys in "notes.ini" and set both values to "1": SMD_ATSE_AFI_ENABLED=1 SMD_ATSE_HEUR_HAS_MACR_ENABLED=1 Note: To revert to the old behavior, set both values to "0". d. Save the changes and close "notes.ini". e. Restart SMDreal. Enhancement 2: [Hotfix 4734] This hotfix enables ScanMail for IBM Domino to support the new malware naming convention to help with the proper identification of Ransomware components. 8.3.2 Resolved Known Issues =================================================================== Patch 3 resolves the following issues: Issue 1: ScanMail for IBM Domino for Windows cannot get the attachment entity from MIME mail that has only one (1) entity. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 4760] This hot fix enables ScanMail for IBM Domino for Windows to disable simple MIME email checks in order to get attachment entities correctly from the MIME email, which only has one (1) entity. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure1: To enable this solution: a. Install this hot fix (see "Installation"). b. Run the following command on the Domino console: set config SMD_DISABLE_SIMPLEMAIL_CHECK=1 Issue 2: ScanMail for IBM Domino for Windows does not display a warning message when users attempt to save a scheduled scan rule or a scheduled update rule without specifying a server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 4776] This hotfix enables ScanMail for IBM Domino for Windows to display a warning message when users attempt to save a scheduled scan rule or a scheduled update rule without specifying a server. Issue3: A large number of EUQ events occur if all conditions are true: - The EUQ function is enabled - Cluster Trusting in a cluster environment is disabled - Replication of recipient mail boxes and EUQ is enabled This leads to conflicts on the junk folder of the recipient mail boxes, resulting in mail delays in Windows 32-bit. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 4777] This hotfix fixes the issue by applying the following updates: 1) Updated the code affecting the deletion of the "SMLD_IS_SPAM_MAIL" or "MLD_IS_GRAY_MAIL" fields when moving messages to the junk folder. 2) Smdext no longer handles non-EUQ database events if both real-time database scan and Cluster Trusting are disabled but EUQ is enabled. 3) Added enhancements to the check trusted server function. Issue 4: Email messages that are recalled during a real-time scan may remain in the mailbox permanently. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 4780] This hotfix enables the Real-time Scan feature to skip recalled email messages so that these email messages can be released normally. Issue 5: Certain sub processes of ScanMail for IBM Domino stop responding while the IBM Domino server shuts down or restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 4792] This hotfix resolves the issue by enabling ScanMail for IBM Domino to determine if the operating system is 64-bit only and without using external tools. Issue 6: When the action for "Office with Macros" email messages is set to "quarantine", and the email message also meets the prerequisite to be sent to Deep Discovery Advisor, the email message will NOT be quarantined if Deep Discovery Advisor rates the file attachments as not suspicious files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 4797] After installing this hotfix, ScanMail will no longer send "Office with Macros" email messages to Deep Discovery Advisor when the action for these email messages is set to "quarantine". When the action for "Office with Macros" email messages is set to "strip", users can now configure whether the email messages should be sent to Deep Discovery Advisor for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure6: To prevent ScanMail from sending "Office with Macros" email messages to Deep Discovery Advisor when the action for these messages is set to "strip" and the "APT Prevention Filter > Files with specified types" option is enabled: a. Install this hotfix (see "Installation"). b. Run the following command on the Domino console: set config SMDDisableMacroSendToDDA=1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comment: To prevent ScanMail from sending "Office with Macros" email messages to Deep Discovery Advisor, no matter the action for "Office with Macros" email messages is set to "quarantine" or "strip", please also check the build number of the "smconf.nsf" file. If it is "4776" or higher, disable the "APT Prevention Filter > Highly Recommendable file types > Microsoft Office files with Macros" option. Issue 7: When users receive an email message that has two or more attachments, they may receive "Deep Discovery Advisor has become unavailable" notifications even when the Deep Discovery Advisor server is available. This happens because several threads may attempt to modify the flags of the same email message at the same time after ScanMail receives the attachment file analysis report from the Deep Discovery Advisor server. As a result, some flags may be overwritten, which then triggers the notifications. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hotfix 4798] This hotfix ensures that only one thread is allowed to modify any flag in an email message at one time. 9. Files Included in This Release ======================================================================== Filename Build No. --------------------------------------------------------------------- nloader.exe 5.6.1.4857 nSMDreal.dll 5.6.1.4857 nSMDdbs.dll 5.6.1.4857 nSmdDTAS.dll 5.6.1.4857 nSMDemf.dll 5.6.1.4857 nSMDext.dll 5.6.1.4857 ProductLib.dll 5.6.1.4857 nSMDmon.dll 5.6.1.4857 nSMDupd.dll 5.6.1.4857 nSMDsch.dll 5.6.1.4857 nupdsmd.dll 5.6.1.4857 nSMDcm.dll 5.6.1.4857 smconf.ntf N/A smquar.ntf N/A smmsg.nsf N/A smhelp.nsf N/A DLP template 3.1.1021 --------------------------------------------------------------------- PredefinedDLPPolicy.dat eManager module 7.6.0.1193 --------------------------------------------------------------------- adj.dat adj.idx adv.dat adv.idx american-name.txt cme.conf cme_dll.dll cme_vxe_dll.dll data_dna.dll DlpEngine.dll dtengine64.dll emDebug.dll em_expression.dll em_helpr.dll em_synonym.dll etyv icudt57.dll icuin57.dll icuuc57.dll BPMNT.dll vsapi64.dll noun.dat noun.idx Policy.xml pthreadVC2.dll spanish-name.txt tmpe.pol tmpeEnum.xml verb.dat verb.idx MCP AgentSDK module 5.0.0.2282 --------------------------------------------------------------------- En_I18N.dll En_Utility.dll libapr-1.dll libcurl.dll libeay32.dll ssleay32.dll SSO_PKIHelper.dll TrendAprWrapperDll.dll zlibwapi.dll 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2018, Trend Micro Incorporated. All rights reserved. Trend Micro, ScanMail, Control Manager, eManager, Data Loss Prevention, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide