<> Trend Micro Incorporated May 30, 2018 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ScanMail(TM) (for Microsoft(TM) Exchange(TM)) 12.0 Patch 3 for Service Pack 1 - Build 1814 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/Service Pack release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About ScanMail(for Microsoft Exchange) 12.0 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About ScanMail (for Microsoft Exchange) 12.0 ====================================================================== ScanMail protects Exchange Server 2016, Exchange Server 2013, and Exchange Server 2010. Use the ScanMail installation program to quickly install ScanMail to one or more, local or remote, Exchange servers. Once installed, ScanMail can protect your servers in real time against viruses/malware, Trojans, worms, and spyware/grayware. ScanMail sustains business and network integrity by screening out spam messages and messages containing undesirable or unwanted content. ScanMail monitors and protects sensitive information that is travelling across your network. 1.1 Overview of This Release =================================================================== ScanMail (for Microsoft Exchange) 12.0 Patch 3 for Service Pack 1 consolidates all solutions to issues resolved after the release of ScanMail (for Microsoft Exchange) 12.0 for Service Pack 1 build. 1.2 Who Should Install This Release =================================================================== You should install this patch if you are currently running ScanMail (for Microsoft Exchange) 12.0 for Service Pack 1 build. 2. What's New ====================================================================== NOTE: Please install the Patch before completing any procedures in this section (see "Installation"). This patch addresses the following issues and includes the following enhancement: 2.1 Enhancements =================================================================== The following enhancements are included in this release: Enhancement 1: [EN Hotfix 1799] This patch enables ScanMail (for Microsoft Exchange) 12.0 to store the secure hash algorithm (SHA1) of a submitted file/URL to the Deep Discovery Analyzer (DDAn) server in the cache. The ScanMail server can use the SHA1 items to filter duplicate samples by itself before doing any form of submission. Therefore, this update prevents the submission of the same suspicious file/URL from the same ScanMail server. Limitation: It is NOT possible to share each server's cache data to other servers. Therefore, it is possible to submit duplicate samples from different ScanMail servers to the DDAn server. 2.2 Resolved Known Issues =================================================================== The following known issues are resolved in this release: Issue 1: ScanMail (for Microsoft Exchange) 12.0 cannot detect spam email messages that contain the encoded sender address in the email body. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [EN Hotfix 1783] This patch enables ScanMail (for Microsoft Exchange) 12.0 to pass the parsed sender address to Trend Micro Anti-spam Engine (TMASE) for analysis. Issue 2: Administrators register a ScanMail (for Microsoft Exchange) server to the Deep Discovery Analyzer (DDAn) server. After performing server management tasks for the Virtual Analyzer from that server, administrators observe that the target server is not actually registered to the DDAn server in ScanMail (for Microsoft Exchange) 12.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [EN Hotfix 1792] This patch ensures that the target server is registered to the DDAn server successfully after performing server management tasks for the Virtual Analyzer in ScanMail (for Microsoft Exchange) 12.0. Issue 3: By default, the replacement setting of the Attachment Blocking filter changes the replacement file name to "[Attachment Name].txt". However, when users open the received email, the system did not replace the attachment file successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [EN Hotfix 1795] This patch resolves the issue by modifying the TmMsg module. Issue 4: Enabling Deep Discovery Analyzer may result in memory leaks due to frequent calls made to the exchange service. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [EN Hotfix 1797] This patch fixes the memory leak issue by calling the exchange service only when starting Deep Discovery Analyzer related services. This avoids frequent calls to the exchange service. Note that changing the exchange replay folder will require a restart of the SMEX master service. Issue 5: ScanMail for Exchange stops unexpectedly when users attempt to resend the original message of a quarantined email message if the total length of all recipient addresses in the "TO", "CC", and "BCC" fields exceeds 8192 bytes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [EN Hotfix 1801] This patch enables ScanMail for Exchange to use the "strncpy_s" function instead of the "strcpy_s" function to resolve the memory overflow issue an ensure that users can resend the original message normally. Issue 6: ScanMail for Exchange does not extract hyperlinks from email file attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [EN SMEX 12.5 Hotfix 1310] This patch upgrades the eManager(TM) module to support hyperlink extraction. Issue 7: Successive scheduled updates are delayed for 1 to 2 seconds. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [JP Hotfix 1512] This patch ensures that scheduled updates run on schedule without delays. Issue 8: This patch resolves the issue wherein the ScanMail for Microsoft Exchange master service and ScanMail for Microsoft Exchange System Watcher encounter a memory leak problem when calls Exchange cmdlets frequently in some environments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [EN Hotfix 1797] This patch fixes the memory leak issue by adding the cache mechanism to store Exchange information gotten from Exchange cmdlets to avoid calling Exchange cmdlets frequently. User can configure the timeout of the cache. Procedure 8: To configure this option: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Add or locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: ExchangeInfoCachePeriodInMinute Type: REG_DWORD Data value: timeout in minute (default time out is 30 minutes) Note 8: After changing the Exchange Pickup or Replay directory location, restart ScanMail service to refresh the cache. Otherwise, ScanMail cannot work normally. Changing the location of Pickup or Replay directories does not copy any existing message files from the old location to the new location. Therefore, manually move any existing message files that are left in the old location to the new location to resend the legacy messages. Issue 9: After installing ScanMail 12.0 SP1 Patch1, Attachment Blocking tracing logs may not record all the attachments that pass through ScanMail for Exchange. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: [EN SMEX 12.5 Hotfix 1316] This patch ensures that when enabled, Attachment Blocking tracing logs record all attachments that pass through ScanMail for Exchange. Issue 10: ScanMail cannot extract URLs from digitally signed email messages correctly because some garbled characters exist at the end of these URLs. ScanMail detects the URLs as suspicious. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: [EN SMEX 12.5 Hotfix 1318] This patch provides an option to configure ScanMail to skip the extracting and scanning of URLs in digitally signed email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To configure this feature: a. Install this hotfix (see "Installation"). b. Open the Registry Editor. c. Locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: SkipWTP4SMINE Type: REG_DWORD Data value: "1" = skip extracting URLs in digitally signed email message "0" = extract URLs in digitally signed email messages Issue 11: The Integrated Smart Protection Server and the standalone Smart Protection Server cannot parse the information in the "User Agent" header because it is in the wrong format. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: [EN Hotfix 1810] This patch ensures that the iCRC common module adds information into the "User Agent" header in the correct format. Issue 12: ScanMail for Exchange 12.0 may not be able to handle certain "NO_SUPP_ERROR" and "BAD_ZIP_ERR" errors from the Virus-Scanning Application Program Interface (VSAPI). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [JP SMEX 12.5 Hotfix 2020] This patch updates the error handling mechanism to enable ScanMail for Exchange 12.0 to handle "NO_SUPP_ERROR" and "BAD_ZIP_ERR" errors from the VSAPI. 3. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange). To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying ScanMail (for Microsoft Exchange). - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange). - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ====================================================================== There are no changes to the system requirements in the ScanMail (for Microsoft Exchange) 12.0 Service Pack 1 readme file. 5. Installation ====================================================================== This section explains key steps for installing. - This patch supports remote and multi-server deployment. - This patch automatically restarts the following services on both Normal and Cluster Servers: - ScanMail (for Microsoft Exchange) Master Service - ScanMail (for Microsoft Exchange) Remote Configuration Server - ScanMail (for Microsoft Exchange) System Watcher - ScanMail EUQ Monitor - Microsoft Exchange Transport - MOM service - HealthService service - To install or uninstall this patch, you must have at least local administrator and domain user privileges. 5.1 Installing =================================================================== To install: 1. Log on using an account with local administrator and domain privileges. 2. Run "smex_120_win_en_sp1_patch3_1814.exe" and select "Install". The framework automatically installs the Patch to the appropriate directory, replaces the outdated files, and updates the database. The "Successfully completed" count increases upon the completion of the installation. 3. Clear the browser cache and re-launch the browser. 5.2 Uninstalling =================================================================== To roll back to the previous build: - Run "smex_120_win_en_sp1_patch3_1814.exe" and select "uninstall"; or - Run "uninstall.bat" in the following patch folder: {SMEX_HOME}\Patch\ScanMail 12.0 Patch 3 for Service Pack 1\Uninstall The framework automatically rolls back to the previous build and a confirmation message indicating a successful uninstallation is displayed on the setup screen. 6. Post-Installation Configuration ====================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ====================================================================== There are no known issues in this release. 8. Release History ====================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download - ScanMail (for Microsoft Exchange) 12.0 Patch 2 for Service Pack 1, December 13, 2017 - ScanMail (for Microsoft Exchange) 12.0 Patch 1 for Service Pack 1, January 16, 2017 - ScanMail (for Microsoft Exchange) 12.0 Service Pack 1, August 26, 2015 - ScanMail (for Microsoft Exchange) 12.0, November 7, 2013 8.1 Patch 1 =================================================================== 8.1.1 Enhancements =================================================================== The following enhancements are included in this release: Enhancement 1: [EN Hotfix N/A] Deep Discovery Analyzer integration improvement - ScanMail (for Microsoft Exchange) integration with Deep Discovery Analyzer server has improved. Enhancement 2: [EN Hotfix N/A] Attachment Blocking policy - Users can now configure an attachment blocking policy from specific sender(s) to specific recipient(s). Enhancement 3: [EN Hotfix N/A] URL keyword Approved List - Users can now configure a URL keyword approved list to exclude URLs from advanced threats analysis. Enhancement 4: [EN Hotfix N/A] Quarantine Resend - Users can now resend the quarantine message part email messages as new messages to Blind Carbon Copy (BCC) recipients without any disclosure in the new message. Enhancement 5: [EN Hotfix N/A] Special Group Wildcard - Users can now configure the special group SMTP address with a wildcard asterisk(*) in the domain name or user name part. Enhancement 6: [EN Hotfix N/A] Windows Server 2016 support - ScanMail (for Microsoft Exchange) can now run on the Windows Server 2016 platform with Microsoft Exchange Server 2016 cumulative update 3 or later. Enhancement 7: [EN Hotfix N/A] Advanced Threat Analysis - ScanMail (for Microsoft Exchange) no longer sends notification email messages to sender(s) or recipient(s) if there are advanced threats analysis timeout/errors generated. 8.1.2 Resolved Known Issues =================================================================== The following known issues are resolved in this release: Issue 1: On Exchange 2013 and 2016 platform, ScanMail (for Microsoft Exchange) will perform redundant query to Trend Micro Email Reputation Service (ERS) if there is a large number of recipients in email message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [EN Hotfix N/A] ScanMail (for Microsoft Exchange) no longer sends redundant queries to ERS. Issue 2: ScanMail (for Microsoft Exchange) will be disconnected after users trigger configuration replication from Control Manager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [EN Hotfix 4261] The disconnection issue has resolved. Issue 3: ScanMail_Master is affected by an XML DoS attack vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [EN Hotfix N/A] The vulnerability has been resolved. Issue 4: After ScanMail (for Microsoft Exchange) integrates with Deep Discovery Analyzer 5.5 Service Pack 1, it can send only specific types of files to Deep Discovery Analyzer for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [EN Hotfix 1361] Handling logic has been added for "*.ps1", "*.htf", "*.wsf", "*.cmd", and "*.bat" script files to enable ScanMail (for Microsoft Exchange) to send these types of files to Deep Discovery Analyzer 5.5 Service Pack 1 for analysis. Issue 5: ScanMail (for Microsoft Exchange) cannot clean macro files from Microsoft Office files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [EN Hotfix 1467] ScanMail (for Microsoft Exchange) can now clean macro files from Microsoft Office files. NOTES: - The "Do not clean infected compressed files to optimize performance" option under the Security Risk Scan filter must be disabled to allow ScanMail (for Microsoft Exchange) to clean macro files from Microsoft Office files. - This update does not enable ScanMail (for Microsoft Exchange) to clean Macro files in embedded Microsoft Office files. Issue 6: ScanMail (for Microsoft Exchange) cannot replicate internal domains to target servers using Server Management if standard Activation Code (AC) is used. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [EN Hotfix 1480 ] ScanMail (for Microsoft Exchange) can now replicate internal domains to target servers using Server Management if standard AC is used. Issue 7: ERS retrieves the wrong query for some IPv4 addresses that are in IPv6 format. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [EN Hotfix N/A] ScanMail (for Microsoft Exchange) now converts these IP addresses to IPv4 format automatically. Issue 8: The offline SQL scripts generated during ScanMail (for Microsoft Exchange) database disconnected cannot be inserted to SQL Server if the Operation System locale represents its date format as dd/MM/yyyy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [EN Hotfix N/A] ScanMail (for Microsoft Exchange) can now insert offline SQL scripts to its database in any locale. Issue 9: The "HEUR_HAS_MACRO" Advanced Threat Scan Engine (ATSE) rule detects if an email file attachment contains macros. Enabling virtual analyzer on the transport level also enables the "HEUR_HAS_MACRO" rule for store level scans. This causes many Microsoft Office files to be detected as "HEUR_HAS_MACRO" during Exchange 2010 store level real-time scans. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: [EN Hotfix 1477] The ScanMail (for Microsoft Exchange) "HEUR_HAS_MACRO" ATSE rule, which detects if an email file attachment contains macros for store level scans has been disabled. This reduces the number of false positives detected by the ATSE. Issue 10: In some environments, ScanMail (for Microsoft Exchange) is unable to retrieve the SMTP address of the sender's mailbox. As a result, ScanMail (for Microsoft Exchange) cannot determine if the mailbox belongs to the sender or the recipient. This causes ScanMail (for Microsoft Exchange) to send notifications to the sender, even if sender's notification is disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: [EN Hotfix 1477] ScanMail (for Microsoft Exchange) can now successfully retrieve the SMTP address of the sender's mailbox, and not send notifications to the sender if the sender's notification option is not enabled. Issue 11: On Microsoft Exchange 2013 and 2016 server, when the system calls the "Get-TransportServer" cmdlet, there will be Warning Event 2004 in the Windows Event log that shows this entry: "A script made a call into deprecated cmdlet 'Get-TransportServer'. This script must be updated to call on the "Get-TransportService" cmdlet instead". On ScanMail (for Microsoft Exchange), there will be a number of Warning Event 2004 entries in the Windows event log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: [EN Hotfix 1481] ScanMail (for Microsoft Exchange) now calls the "Get-TransportService" cmdlet to instead of the "Get-TransportServer" on Microsoft Exchange 2013 and 2016. This update prevents Warning Event 2004 in the Microsoft Windows event log. Issue 12: On the "Virtual Analyzer" page, specific accounts for "Message Sender Approved List" and "Message Target Recipients" show incorrect information if there is comma (",") in the account names. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [EN Hotfix 1479] This patch ensures that the specific accounts for "Message Sender Approved List" and "Message Target Recipients" show the correct information on the "Virtual Analyzer" page. NOTE: If the solution does not take effect immediately, clear browser's cache after installing this release. 8.2 Patch 2 =================================================================== 8.2.1 Enhancements =================================================================== The following enhancements are included in this release: [EN Hotfix 1738] Enhancement 1: TLS 1.2 - This patch enables ScanMail (for Microsoft Exchange)12.0 to run in environments where only TLS 1.2 is enabled and .Net Framework 4.5 is installed. [EN Hotfix 1751] Enhancement 2: URL Analysis - When an email message contains a URL that triggers a "404 Not Found" error, the Deep Discovery Analyzer URL analysis feature returns an -19 error code (prefetchd: server error or content does not exist). ScanMail for Microsoft Exchange 12.0 treats this as an unanalyzed risk and takes action on the URL. This patch allows users to configure ScanMail for Microsoft Exchange to skip URLs if it receives specific error codes from Deep Discovery Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To configure this option: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Add or locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: BypassURLDDANResult Type: REG_SZ Data value: "-19" = ScanMail skips a URL if Deep Discovery Analyzer returns a -19 error, and the URL will remain unrated. NOTE: Users can specify several error codes separated by a semi-colon ";" so that if Deep Discovery Analyzer returns any of these codes, ScanMail will automatically skip the URLs that trigger the error. [EN Hotfix 1754] Enhancement 3: Spam Detection - This patch allows users to configure the ScanMail for Microsoft Exchange 12.0 spam detection feature to skip Exchange internal email messages with an "SCL=-1" rating. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To configure this option: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Add or locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: AntiSpamTrustSCLMinusOne Type: REG_DWORD Data value: "0" = (default) ScanMail spam detection feature scans internal email messages "1" = ScanMail spam detection feature skips internal email messages [EN Hotfix 1764] Enhancement 4: This patch enables ScanMail for Microsoft Exchange 12.0 to submit URLs under the "Noteworthy" WRS category to the Virtual Analyzer server for sandbox analysis. [EN Hotfix N/A] Enhancement 5: Spam Configuration - This patch allows user to configure an approved IP address list in the spam configuration page to enable spam scans to skip email messages from IP addresses on the list. [EN Hotfix N/A] Enhancement 6: Content Filter and Data Loss Prevention(TM) (DLP) Filter - This patch allows ScanMail for Microsoft Exchange 12.0 to trust the Content Filter and DLP filter scan results from other ScanMail for Microsoft Exchange servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To configure the feature: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Add or locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: TrustScanForCFDLP Type: REG_DWORD Data value: "0" = (default) disable this feature "1" = enable this feature [EN Hotfix N/A] Enhancement 7: LDAP Query - This patch improves the LDAP query logic to decrease the number of authentication requests when querying the Active Directory (AD) for user and group information. [EN Hotfix N/A] Enhancement 8: Log Query - This patch enables ScanMail (for Microsoft Exchange) to show the Data Loss Prevention(TM) (DLP) matched content for attachments on the log query page. [EN Hotfix N/A] Enhancement 9: Data Loss Prevention(TM) (DLP)Validators - This patch provides support for the Nigeria Verve Issuer Identification Number (IIN) validator. [EN Hotfix N/A] Enhancement 10: Virus Detection - This patch allows ScanMail (for Microsoft Exchange)12.0 to compress an email that contains a virus to a password-protected ZIP file and to forward the file to a specific sender. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 10: To configure the feature: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Add or locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: EnableZipAndForward Type: REG_DWORD Data value: "0" = (default) ScanMail does not compress or forward email messages that contain a detected virus "1" = ScanMail compresses and forwards email messages that contain a detected virus [EN Hotfix N/A] Enhancement 11: This Patch enables ScanMail for Microsoft Exchange 12.0 to attempt to call the Exchange Web Services (EWS) API again if it fails to call the API on the first attempt. This helps improve the success rate of manual and scheduled scans in scanning email messages. 8.2.2 Resolved Known Issues =================================================================== This release resolves the following issues: Issue 1: ScanMail (for Microsoft Exchange)12.0 sends URLs to Deep Discovery Analyzer with a full stop at the end which prevents Deep Discovery Analyzer from handling the URLs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [EN Hotfix 1731] This patch enables ScanMail (for Microsoft Exchange)12.0 to remove the full stop from the end of URLs before submitting these to Deep Discovery Analyzer for analysis. Issue 2: ScanMail (for Microsoft Exchange)12.0 does not send new-born URLs to Deep Discovery Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [EN Hotfix 1734] This patch enables ScanMail (for Microsoft Exchange)12.0 to send new-born URLs to Deep Discovery Analyzer. Issue 3: The Search & Destroy feature of ScanMail (for Microsoft Exchange)12.0 cannot delete messages from the German version of Exchange 2013. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [EN Hotfix 1741] This patch provides a way to set the local language for the Search & Destroy feature in ScanMail for Microsoft Exchange 12.0 to German in Exchange 2013. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To configure this option: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Add or locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: SDLangID Type: REG_DWORD Data value: "0x07" = Search & Destroy uses German as the local language d. Restart the ScanMail (for Microsoft Exchange) service. Issue 4: After installing ScanMail for Microsoft Exchange 12.0 Service Pack 1 Patch 1, ScanMail cannot send files to the Virtual Analyzer server if users select the "Submit email messages to Virtual Analyzer" and "Register to the Virtual Analyzer" options at the same time on the Virtual Analyzer page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [EN Hotfix 1742] This patch restricts users to select to register ScanMail (for Microsoft Exchange)12.0 to the Virtual Analyzer server first and allows users to select the "Submit email messages to Virtual Analyzer" option only after ScanMail has successfully registered to the Virtual Analyzer server. Issue 5: Internal domains are not replicated when configuration replications is triggered from Trend Micro Control Manager(TM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [EN Hotfix 1747] This patch adds the internal domain to the Control Manager replication list so that ScanMail can replicate internal domains through Control Manager. Issue 6: ScanMail (for Microsoft Exchange)12.0 encounters an SQL error while running storage maintenance on a protected computer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [EN Hotfix 1748] This patch updates the "DeleteDanglingMsgEntries" database command to ensure that ScanMail for Microsoft Exchange 12.0 can perform storage maintenance on protected computers. Issue 7: After installing ScanMail for Microsoft Exchange 12.0, ScanMail does not automatically send notification email messages to senders and recipients of an email message if the Virtual Analyzer server returns an error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [EN Hotfix 1749] This patch enables users to configure whether ScanMail sends notification email messages to senders and recipients of an email message if the Virtual Analyzer server returns an error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To configure this option: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Add or locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: DTASExtendedNotify Type: REG_DWORD Data value: "0" = (default)ScanMail for Microsoft Exchange does not sends notification email messages to senders and recipients if the Virtual Analyzer server returns an error. "1" = ScanMail for Microsoft Exchange send notification email messages to senders or recipients if the Virtual Analyzer server returns an error. d. Restart the ScanMail for Microsoft Exchange service. Issue 8: ScanMail for Microsoft Exchange 12.0 encounters a deadlock when the WinHTTP function operates synchronously even when ScanMail uses WinHTTP in asynchronous mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [EN Hotfix 1752] This patch resolves the deadlock issue. Issue 9: In ScanMail for Microsoft Exchange 12.0 on Microsoft Exchange 2010, when the source and target servers have different server roles, and administrators select an internal domain for replication, ScanMail fails to replicate the internal domains. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: [EN Hotfix 1753] This patch enables ScanMail to add a return code to the response when it is configured to skip internal domains on a target server. This prevents access violations on the source server. Issue 10: If the sender's or recipient's mailbox name contains a percentage sign (%) and the Edge transport debug log is enabled, Microsoft Exchange Transport service may stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: [JP Hotfix 1796] This patch enables ScanMail for Microsoft Exchange12.0 to handle the debug log correctly and prevents Microsoft Exchange Transport service from stopping unexpectedly. Issue 11: A manual scan or scheduled scan stops unexpectedly if ScanMail for Microsoft Exchange 12.0 cannot access the mailbox database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: [EN Hotfix N/A] This patch resolves this issue. Issue 12: After users select specific folders to scan during a manual or scheduled scan, the store level real-time scan cannot scan messages since the real-time scan checks the folder name which is specified in the manual or schedule scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [EN Hotfix N/A] This patch ensures that the manual and scheduled scan settings do not affect the real-time scan settings. Issue 13: ScanMail for Microsoft Exchange 12.0 communicates with the ActiveUpdate (AU) server by HTTP which is unencrypted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: [EN Critical Patch 1] This patch enables ScanMail for Microsoft Exchange 12.0 to communicate with the AU server by HTTPS by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 13: To configure this feature: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Locate the following key and set the appropriate value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: AUFromHTTPSServer Type: REG_DWORD Data value: "1" = (default)enables the solution "0" = disables the solution d. Restart ScanMail for Microsoft Exchange. Issue 14: A Cross-Site Request Forgery (CSRF) vulnerability in ScanMail for Microsoft Exchange 12.0 may allow remote attackers to submit a malicious request to the ScanMail server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: [EN Critical Patch 1] This patch resolves the CSRF vulnerability. Issue 15: A cross-site scripting (XSS) vulnerability in ScanMail for Microsoft Exchange 12.0 may enable attackers to inject client-side scripts into web pages viewed by other users. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: [EN Critical Patch 1] This patch resolves the XSS vulnerability. Issue 16: The approved sender list in the antispam filter is also applied to the Web Threat Protection (WTP) filter in ScanMail for Microsoft Exchange 12.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: [EN Hotfix N/A] This patch ensures that the antispam filter's approved sender list is not applied to the WTP filter. Issue 17: The detected suspicious URLs in certain formats may not display correctly on the Web Reputation log query page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: [EN Hotfix N/A] This patch improves the normalization algorithm to ensure that extracted URLs can be displayed correctly in the log query page. Issue 18: ScanMail for Microsoft Exchange 12.0 allows users to download pattern and engine files from a customized AU source without checking the signature file for the downloaded components. This may trigger a vulnerability issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: [EN Hotfix 4289] This patch restricts ScanMail for Microsoft Exchange 12.0 to download only from the official Trend Micro AU server and to communicate with the server using HTTPS. This ensures that the signature file and certificate of each downloaded component are verified. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 18: To configure this option: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Add or locate the following key: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: AUFromOtherSource Type: REG_DWORD Data value: "1" = Allows users to download pattern and engine files from a customized AU source "0" = (default) Rrestrict ScanMail (for Microsoft Exchange 12.0 to download only from the official Trend Micro AU server NOTES: If the AU source has been customized, this feature will not take effect and may trigger a vulnerability issue. Issue 19: ScanMail for Microsoft Exchange 12.0 does not take any action on an email message that has been detected as risky by the Virtual Analyzer server but cannot be detected by the Advanced Threat Scan Engine (ATSE) even when the Security Risk Scan action is set to "ActiveAction". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: [EN Hotfix N/A] This patch enables ScanMail for Microsoft Exchange 12.0 to take the quarantine all action on risky email messages that are not detected by the ATSE when the Security Risk Scan action is set to "ActiveAction". 9. Files Included in This Release ====================================================================== This is a full package release. Detail files list refer to ScanMail (for Microsoft Exchange 12.0 Patch 3 for Service Pack 1 installation package. 10. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2018, Trend Micro Incorporated. All rights reserved. Trend Micro, ScanMail, Control Manager, Data Loss Prevention, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide