<> Trend Micro Incorporated January 16,2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ScanMail(TM) (for Microsoft(TM) Exchange(TM)) 12.0 Patch 1 for Service Pack 1 Build 1727 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/Service Pack release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About ScanMail (for Microsoft Exchange) 12.0 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About ScanMail (for Microsoft Exchange) 12.0 ====================================================================== ScanMail protects Exchange Server 2016, Exchange Server 2013, and Exchange Server 2010. Use the ScanMail installation program to quickly install ScanMail to one or more, local or remote, Exchange servers. Once installed, ScanMail can protect your servers in real time against viruses/malware, Trojans, worms, and spyware/grayware. ScanMail sustains business and network integrity by screening out spam messages and messages containing undesirable or unwanted content. ScanMail monitors and protects sensitive information that is travelling across your network. 1.1 Overview of This Release =================================================================== ScanMail (for Microsoft Exchange) 12.0 Patch 1 for Service Pack 1 consolidates all solutions to issues resolved after the release of ScanMail (for Microsoft Exchange) 12.0 Service Pack 1 build. 1.2 Who Should Install This Release =================================================================== You should install this Patch if you are currently running ScanMail (for Microsoft Exchange) 12.0 Service Pack 1 build. 2. What's New ====================================================================== Note: Please install the Patch before completing any procedures in this section (see "Installation"). This patch addresses the following issues and includes the following enhancement: 2.1 Enhancements =================================================================== The following enhancements are included in this release: Enhancement 1: [Hotfix N/A] Deep Discovery Analyzer integration improvement - This Patch enhanced the performance of ScanMail (for Microsoft Exchange) integration with Deep Discovery Analyzer server. Enhancement 2: [Hotfix N/A] Attachment Blocking policy - This Patch allows users to configure attachment blocking policy from specific sender(s) to specific recipient(s). Enhancement 3: [Hotfix N/A] URL keyword white list - This Patch enables ScanMail (for Microsoft Exchange) to configure a URL keyword white list to exclude URLs from advanced threats analysis. Enhancement 4: [Hotfix N/A] Quarantine Resend - This Patch enables users to resend the quarantine message part email messages as new message to Blind Carbon Copy recipients without any disclosure in the new message. Enhancement 5: [Hotfix N/A] Special Group wildcard - This Patch enables users to configure special group SMTP address with wildcard asterisk(*) in domain name or user name part. Enhancement 6: [Hotfix N/A] Windows Server 2016 support - This Patch supports ScanMail (for Microsoft Exchange) running on Windows Server 2016 platform with Microsoft Exchange Server 2016 cumulative update 3 or later. Enhancement 7: [Hotfix N/A] This Patch doesn't send notification email messages to sender(s) or recipient(s) if there advanced threats analysis timeout/error generated. 2.2 Resolved Known Issues =================================================================== This release resolves the following issues: Issue 1: On Exchange 2013 and 2016 platform, ScanMail (for Microsoft Exchange) will perform redundant query to Trend Micro Email Reputation service if there are lots of recipients in email message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix N/A] This patch resolved the redundant query to Trend Micro Email Reputation service. Issue 2: ScanMail (for Microsoft Exchange) will be disconnected after the replication triggered from Trend Micro Control Manager ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 4261]This patch resolved this disconnection issue after the replication triggered from Trend Micro Control Manager. Issue 3: There is an XML DoS attack vulnerability issue of ScanMail_Master if attack with the XML bomb. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix N/A] This patch prevents the XML bomb attach for ScanMail_Master service. Issue 4: After ScanMail (for Microsoft Exchange) integrates with Deep Discovery Analyzer 5.5 Service Pack 1, it can send only specific types of files to Deep Discovery Analyzer for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1361]This patch adds handling logic for "*.ps1", "*.htf", "*.wsf", "*.cmd", and "*.bat" script files to the ScanMail (for Exchange) program to enable it to send these types of files to Deep Discovery Analyzer 5.5 Service Pack 1 for analysis. Issue 5: ScanMail (for Microsoft Exchange) cannot clean macro files from Microsoft Office files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1467]This patch enables ScanMail (for Microsoft Exchange) to clean macro files from Microsoft Office files. NOTES: - The "Do not clean infected compressed files to optimize performance" option under the Security Risk Scan filter must be disabled to allow ScanMail (for Microsoft Exchange) to clean macro files from Microsoft Office files. - This patch does not enable ScanMail (for Microsoft Exchange) to clean Macro files in embedded Microsoft Office files. Issue 6: ScanMail (for Microsoft Exchange) cannot replicate internal domains to target servers using Server Management if standard Activation Code (AC) is used. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1480]This patch enables ScanMail (for Microsoft Exchange) to replicate internal domains to target servers using Server Management if standard AC is used. Issue 7: Email Reputation service get a wrong query for some IPv4 address which represented with IPv6 format. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hotfix N/A] This patch resolves this issue by converting such IP addresses to IPv4 format. Issue 8: The offline SQL scripts generated during ScanMail (for Microsoft Exchange) database disconnected cannot be inserted to SQL Server if the Operation System locale represents its date format as dd/MM/yyyy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [Hotfix N/A] This patch ensures ScanMail (for Microsoft Exchange) can insert offline SQL scripts to its database no matter which locale. Issue 9: The "HEUR_HAS_MACRO" Advanced Threat Scan Engine rule detects if an email file attachment contains macros. Enabling virtual analyzer on the transport level also enables the "HEUR_HAS_MACRO" rule for store level scans. This causes many Microsoft Office files to be detected as "HEUR_HAS_MACRO" during Exchange 2010 store level real-time scans. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: [Hotfix 1477]This patch disables the ScanMail (for Microsoft Exchange) "HEUR_HAS_MACRO" Advanced Threat Scan Engine rule, which detects if an email file attachment contains macros for store level scans. This reduces the number of false positives detected by the Advanced Threat Scan Engine. Issue 10: In some environments, ScanMail (for Microsoft Exchange) is unable to retrieve the SMTP address of the sender's mailbox. As a result, ScanMail (for Microsoft Exchange) is unable to determine if the mailbox belongs to the sender or the recipient. This causes ScanMail (for Microsoft Exchange) to send notifications to the sender, even if sender's notification is not enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: [Hotfix 1477]This patch enables ScanMail (for Microsoft Exchange) to successfully retrieve the SMTP address of the sender's mailbox, and not send notifications to the sender if the sender's notification option is not enabled. Issue 11: On Microsoft Exchange 2013 and 2016 server, when the system calls the "Get-TransportServer" cmdlet, there will be Warning Event 2004 in the Windows Event log that shows this entry: "A script made a call into deprecated cmdlet 'Get-TransportServer'. This script must be updated to call on the "Get-TransportService" cmdlet instead". On ScanMail (for Microsoft Exchange), there will be a number of Warning Event 2004 entries in the Windows event log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: [Hotfix 1481]This patch enables ScanMail (for Microsoft Exchange) to call the "Get-TransportService" cmdlet to instead of "Get-TransportServer" on Microsoft(TM) Exchange(TM) 2013 and 2016. This update avoids Warning Event 2004 in the Microsoft Windows(TM) event log. Issue 12: On the "Virtual Analyzer" page, specific accounts for "Message Sender Approved List" and "Message Target Recipients" show incorrect information if there is comma (",") in the account names. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [Hotfix 1479]This patch enables the specific accounts for "Message Sender Approved List" and "Message Target Recipients" show correct information on "Virtual Analyzer" page. NOTE: If the solution does not take effect immediately, clear browser's cache after installing this patch. 3. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange). To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying ScanMail (for Microsoft Exchange). - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange). - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ====================================================================== There are no changes to the system requirements in the ScanMail (for Microsoft Exchange) 12.0 Service Pack 1 readme file. Additionally, this patch supports Windows Server 2016. 5. Installation ====================================================================== This section explains key steps for installing. - This Patch supports remote and multi-server deployment. - This Patch automatically restarts the following services on both Normal and Cluster Servers: - ScanMail (for Microsoft Exchange) Master Service - ScanMail (for Microsoft Exchange) Remote Configuration Server - ScanMail (for Microsoft Exchange) System Watcher - ScanMail EUQ Monitor - Microsoft Exchange Transport - MOM service - HealthService service - To install or uninstall this Patch, you must have at least local administrator and domain user privileges. 5.1 Installing =================================================================== To install: 1. Log on using an account with local administrator and domain privileges. 2. Run "SMEX-12.0-SP1-Patch1-1727.exe" and select "Install". The framework automatically installs the Patch to the appropriate directory, replaces the outdated files, and updates the database. The "Successfully completed" count increases upon the completion of the installation. 3. Clear the browser cache and re-launch the browser. 5.2 Uninstalling =================================================================== To roll back to the previous build: - run "SMEX-12.0-SP1-Patch1-1727.exe" and select "uninstall"; or - run "uninstall.bat" in the following patch folder: {SMEX_HOME}\Patch\ScanMail 12.0 Patch 1 for Service Pack 1\ Uninstall The framework automatically rolls back to the previous build and a confirmation message indicating a successful uninstallation is displayed on the setup screen. 6. Post-Installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ====================================================================== There are no known issues in this release. 8. Release History ====================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download ScanMail (for Microsoft Exchange) 12.0 March 2016 ScanMail (for Microsoft Exchange) 12.0 Patch 1 July 2016 ScanMail (for Microsoft Exchange) 12.0 Service Pack 1 November 2016 9. Files Included in This Release ====================================================================== This is a full package release. Detail files list refer to ScanMail (for Microsoft Exchange) 12.0 Patch 1 for Service Pack 1 installation package. 10. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, ScanMail, Control Manager, Data Loss Prevention, OfficeScan, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide