Trend Micro Incorporated                                  July 5, 2021
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) ScanMail(TM) for Microsoft(TM) Exchange(TM) 14
Patch 5 Build 3092
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates.

GM release documentation:
http://docs.trendmicro.com

Patch/Service Pack release documentation:
http://www.trendmicro.com/download

TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM

Contents
==========================================================
1. About ScanMail (for Microsoft Exchange)
   1.1 Overview of This Release
   1.2 Who Should Install This Release
2. What's New
   2.1 Enhancements
   2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation
   5.1 Installing
   5.2 Uninstalling
6. Post-Installation Configuration
7. Known Issues
8. Release History
9. Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
==========================================================

1. About ScanMail (for Microsoft Exchange)
======================================================================
ScanMail protects Exchange Server 2019, Exchange Server 2016, and Exchange Server 2013. Use the ScanMail installation program to quickly install ScanMail to one or more, local or remote, Exchange servers.

Once installed, ScanMail can protect your servers in real time against viruses/malware, Trojans, worms, and spyware/grayware. ScanMail sustains business and network integrity by screening out spam messages and messages containing undesirable or unwanted content.
ScanMail monitors and protects sensitive information that is traveling across your network.

1.1 Overview of This Release
===================================================================
ScanMail (for Microsoft Exchange) 14 Patch 5 consolidates all solutions to issues resolved after the release of ScanMail for Microsoft Exchange 14 build.

1.2 Who Should Install This Release
===================================================================
You should install this Patch if you are currently running any ScanMail (for Microsoft Exchange) 14 build.

2. What's New
======================================================================
NOTE: Please install the Patch before completing any procedures in this section (see "Installation").

This Patch addresses the following issues and includes the following enhancements:

2.1 Enhancements
===================================================================
The following enhancements are included in this release:

Enhancement 1: [SEG-91874][Hotfix 3085]
Header Folding - When an email message ID is longer than the maximum length, it will be cut into parts with a CRLF SPACE by header folding. This Patch allows users to configure whether ScanMail folds a message ID or not.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 1: To configure ScanMail not to fold a message ID that is longer than the maximum length:

1. Install this Patch (see "Installation").
2. Open the Registry Editor.
3. Add the following key and set its value to "1":
   * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Key: NoFoldMessageID
   * Type: REG_DWORD
   * Data values:
     "1" = message IDs are not folded
     "0" = message IDs are folded (default value)

Enhancement 2: [SEG-NA][Hotfix NA]
Internal Modules - This Patch updates the icu, boost, and GoogleProtocolBuffer modules.
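
Why the header-folding option in Enhancement 1 matters for log correlation, as an added example (not Trend Micro code): a length-based fold that cuts inside the `<...>` of a Message-ID leaves a space in the value after standard RFC 5322 unfolding, so exact-match joins on the message ID stop working. The 78-character limit, the fold position, the function names and the sample ID are assumptions made for the illustration.

```python
import re

CRLF = "\r\n"
MAX_LINE = 78  # assumption: RFC 5322's recommended line length, not a ScanMail value

# Constructed sample: a 116-character Message-ID on a 128-character header line.
SAMPLE_ID = "<" + "a1b2c3d4" * 12 + "@mail.example.test>"
ORIGINAL = "Message-ID: " + SAMPLE_ID


def hard_fold(header_line: str, limit: int = MAX_LINE) -> str:
    """Cut a header line into parts joined by CRLF SPACE.

    Models a purely length-based fold that ignores token boundaries
    (an assumption about the behaviour the readme describes).
    """
    if len(header_line) <= limit:
        return header_line
    parts = [header_line[:limit]]
    rest = header_line[limit:]
    step = limit - 1  # each continuation line starts with one space
    while rest:
        parts.append(" " + rest[:step])
        rest = rest[step:]
    return CRLF.join(parts)


def unfold(raw: str) -> str:
    """RFC 5322 unfolding: remove every CRLF that is followed by SPACE or TAB.

    Only the CRLF is removed; the whitespace that followed it stays.
    """
    return re.sub(r"\r\n(?=[ \t])", "", raw)


def header_value(raw_header: str) -> str:
    """Return the unfolded field body of a single raw header."""
    _, _, value = unfold(raw_header).partition(":")
    return value.strip()


def same_message_id(a: str, b: str) -> bool:
    """Exact comparison, as a log query or SIEM join on Message-ID would do."""
    return header_value(a) == header_value(b)


def tolerant_message_id(raw_header: str) -> str:
    """Correlation key that survives a fold inside the angle brackets.

    Whitespace is not valid inside <id-left@id-right>, so dropping it
    recovers the ID the sender generated.
    """
    value = header_value(raw_header)
    match = re.search(r"<[^<>]*>", value)
    return re.sub(r"\s+", "", match.group(0)) if match else value


FOLDED = hard_fold(ORIGINAL)

if __name__ == "__main__":
    print(repr(FOLDED))
    print("value after unfolding:", header_value(FOLDED))
    print("exact match with original:", same_message_id(ORIGINAL, FOLDED))
    print("tolerant key matches:", tolerant_message_id(FOLDED) == SAMPLE_ID)
```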

2.2 Resolved Known Issues
===================================================================
This release resolves the following issues:

Issue 1: [SEG-91291][Hotfix 3081]
If the ScanMail database connection string contains any specific ports, the LogForward process cannot query the ScanMail database successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This Patch resolves this issue.

Issue 2: [VRTS-5143][Hotfix 3082][Hotfix 2094 JP]
Some modules that ScanMail uses are affected by the CVE-2020-1968 vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This Patch updates the corresponding modules to resolve the vulnerability.

Issue 3: [SEG-97265][Hotfix 3084]
Sometimes, ScanMail does not recognize .docx files compressed into a .rar file. When this happens, the "Do not block embedded files in Microsoft Office 2007 or later files" option does not work.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This Patch resolves the issue so ScanMail can correctly recognize compressed .docx files.

Issue 4: [NA][Hotfix NA]
When users specify recipients for the "Anyone excluding specific recipients" option in the "Global Approved List" settings, the setting cannot be saved successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: This Patch helps ensure that the setting can be configured successfully.

Issue 5: [SEG-91291][SEG-96140][Hotfix 3086]
Sometimes, other scheduled ScanMail tasks do not run because the Log Forward scheduled task did not run normally.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This Patch resolves this issue.

Issue 6: [SEG-103756][Hotfix 3087]
After updating from version 11.0 to version 14.0, ScanMail for Microsoft Exchange cannot check the connection to a separate ScanMail for Microsoft Exchange database successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: This Patch ensures that ScanMail for Microsoft Exchange can check the database connection successfully.

Issue 7: [SEG-104460][Hotfix 3089]
An issue related to Active Directory (AD) Group nesting prevents a user under a nested group from logging on to the ScanMail for Microsoft Exchange web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: This Patch resolves the AD Group nesting issue.

3. Documentation Set
======================================================================
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

In addition to this Readme file, the documentation set for this product includes the following:

- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange). To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying ScanMail (for Microsoft Exchange).

- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange).

- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com

4. System Requirements
======================================================================
There are no changes to the system requirements in the ScanMail (for Microsoft Exchange) 14 readme file.

5. Installation
======================================================================
This section explains key steps for installing.

- This Patch supports remote and multi-server deployment.
- This Patch automatically restarts the following services on both Normal and Cluster Servers:
  - ScanMail (for Microsoft Exchange) Master Service
  - ScanMail (for Microsoft Exchange) Remote Configuration Server
  - ScanMail (for Microsoft Exchange) System Watcher
  - ScanMail EUQ Monitor
  - Microsoft Exchange Transport
  - MOM service
  - HealthService service
- To install or uninstall this Patch, you must have at least local administrator and domain user privileges.

5.1 Installing
===================================================================
To install:

1. Log on using an account with local administrator and domain user privileges.
2. Run "smex_140_win_en_patch5_b3092.exe" and select "Install". The framework automatically installs the Patch to the appropriate directory, replaces the outdated files, and updates the database. The "Successfully completed" count increases upon the completion of the installation.
3. Clear the browser cache and re-launch the browser.

5.2 Uninstalling
===================================================================
To roll back to the previous build, run "smex_140_win_en_patch5_b3092.exe" and select "uninstall". The framework automatically rolls back to the previous build and a confirmation message indicating a successful uninstallation is displayed on the setup screen.

6. Post-Installation Configuration
======================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.

7. Known Issues
======================================================================
There are no known issues in this release.

8. Release History
======================================================================
For more information about updates to this product, go to: http://www.trendmicro.com/download

ScanMail 12.0 for Microsoft Exchange, March 2016
ScanMail 12.0 for Microsoft Exchange Service Pack 1, November 2016
ScanMail 12.5 for Microsoft Exchange, November 2017
ScanMail 12.5 for Microsoft Exchange Service Pack 1, August 2018
ScanMail 14.0 for Microsoft Exchange, June 2019
ScanMail 14.0 for Microsoft Exchange Patch 1, September 2019
ScanMail 14.0 for Microsoft Exchange Patch 2, December 2019
ScanMail 14.0 for Microsoft Exchange Patch 3, April 2020
ScanMail 14.0 for Microsoft Exchange Patch 4, December 2020

8.1 Patch 1
===================================================================

8.1.1 Enhancements
===================================================================
The following enhancements are included in Patch 1:

Enhancement 1: [SEG-52055]
Attachment Blocking Filter and Virtual Analyzer - Users can now configure ScanMail to detect PDF files with embedded scripts through the attachment blocking filter settings and in Virtual Analyzer.

Enhancement 2:
Approved List – A global approved list feature has been added to enable ScanMail to bypass all scanning for specific senders and recipients.

Enhancement 3: [SEG-42090]
Security Risk Filter - Users can now create an approved list of file extension name(s) such as "jretk" for the Security Risk filter.

Enhancement 4:
TrendX - ScanMail now supports Signature extraction in TrendX.

Enhancement 5:
ScanMail Configuration – Some common hidden keys have been added to the web console to allow users to configure the related feature from the ScanMail web console.

Enhancement 6:
Data Loss Prevention(TM) Template - The DLP template has been updated to version 3.1.1036.

Enhancement 7: [SEG-45978] [SEG-52236] [Hotfix 2041]
Content Violation Logs – ScanMail can now send unscannable message parts logs to Trend Micro Control Manager(TM).
These logs will appear under Content Violations logs.

NOTE: For the solution to work, you need to apply "tmcm_70_patch1_win_en_hfb3097.zip" onto Control Manager 7 first. The hotfix can be downloaded from the following link:
https://fix-int.trendmicro.com/product/10/release/429/hotfix/9828

Enhancement 8: [SEG-47536] [Hotfix 2046]
Log Queries - ScanMail uses the Envelope Sender of an email message as the Mail Sender in some features and stores this information in the database. This means that the Envelope Sender will appear as the sender information in Log Query results. Users can now configure ScanMail to use and store the address from the "From" header for the sender information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 8: To configure this feature:

1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Locate the following key and set the preferred value:
   * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Key: UseHeaderSenderInLog
   * Type: REG_DWORD
   * Data value:
     "0" = ScanMail uses and stores the envelope sender of an email message as the mail sender (default).
     "1" = ScanMail uses and stores the information in the "From" header as the mail sender.
4. Restart the ScanMail service.

Enhancement 9: [SEG-54685] [JP Hotfix 2641]
Email Scans - ScanMail cannot scan deleted email messages in the Recoverable Folder in Exchange 2013 and Exchange 2016. This patch provides an option to configure ScanMail to scan deleted email messages in the Recoverable Folder.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 9: To configure this feature:

1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Locate the following key and set the preferred value:
   * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Key: SkipScanDeletedRecoverableFolder
   * Type: REG_DWORD
   * Data value:
     "1" = ScanMail does not scan deleted email messages in the Recoverable Folder (default).
     "0" = ScanMail scans deleted email messages in the recoverable folder.
4. Restart the ScanMail service.

8.1.2 Resolved Known Issues
===================================================================
Patch 1 resolves the following issues:

Issue 1: [SEG-50638] [Hotfix 1311]
The System Watcher service closes immediately after starting or restarting.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: The System Watcher service now runs normally.

Issue 2: [SEG-51208] [Hotfix 1310]
Users encounter the following issues while running a Quarantine Query on a remote server(s):
- After users delete a message from the quarantine folder using the "Delete" button, the confirmation pop up and progress bar appear, but the message remains in the query results and in the quarantine folder.
- If a query returns multiple pages of results, clicking the next page arrow resets the page view.
- When users click the "Search", "Delete" or "Resend" button, the "Selected Server(s)" and "Available Server(s)" lists are displayed empty.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: These known issues have been resolved.

Issue 3: [SEG-47942] [Hotfix 2037]
When users send time-of-click (TOC) log queries to remote servers and filter results by URL, the query results still display all TOC logs, but those sent to local servers can filter the results normally. This happens because the URL filter is not carried to the remote server so remote servers respond with all TOC logs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: The URL parameter has been added in the remote query function to resolve this issue.

Issue 4: [SEG-47788]
Exchange email messages cannot be detected as internal messages so that system email messages are sent to Trend Micro Deep Discovery Analyzer for analysis.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: ScanMail no longer sends system-generated email messages to Deep Discovery Analyzer.

Issue 5: [SEG-43197]
Manual Scan takes a long time to complete when the "Scan messages that have not been scanned" option is enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This patch ensures that manual scans run normally with the option.

Issue 6: [SEG-48122] [Hotfix 2040]
ScanMail may encounter a mail loop issue when the "Submit email messages to Virtual Analyzer" option is enabled simultaneously with the URL rewrite feature. This happens when ScanMail cannot verify if the URL has already been rewritten or not, and keeps attempting to rewrite the URL.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: This issue has been resolved.

Issue 7: [SEG-42320] [Hotfix 1823]
An issue prevents ScanMail for Microsoft Exchange from running certain database operations that contain datetime information on some Windows platforms.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: This issue has been resolved by changing the datetime format in the affected database operations.

Issue 8: [SEG-48497] [Hotfix 2045]
Users cannot delete items from a mailbox using the Search & Destroy function because certificate validation by EWS Managed API is not successful.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: Certificate validation by EWS Managed API completes successfully.

Issue 9: [SEG-53244] [Hotfix 2045]
The TrendMicro Site Safety Center URL "http://reclassify.wrs.trendmicro.com" in the "Web Reputation Filter" page of the ScanMail web console cannot be accessed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: The TrendMicro Site Safety Center URL on the page has been updated to: "https://global.sitesafety.trendmicro.com".

Issue 10: [SEG-52663]
The "Take action on unrated URLs" option in the Web Reputation settings is disabled automatically when the "Enable URL Analysis" option is enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: The "Take action on unrated URLs" option in the Web Reputation settings can now be enabled successfully when the "Submit email messages to Virtual Analyzer" or "Enable URL Analysis" is disabled.

Issue 11: [SEG-53238] [Hotfix 1321]
The ScanMail 14 Online Help page redirects to ScanMail 12.5 pages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: The Online Help page now redirects to the correct pages.

NOTE: Clear your browser cache and log in to ScanMail again after applying this patch.

Issue 12: [SEG-51440] [Hotfix 2044]
A URL extracted from an email message with text/plain content type but is in RTF format may not contain the "\line" RTF flag and may be rewritten. When this happens, the email message will not display correctly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: ScanMail can now correctly identify that a plain text email message that starts with an RTF flag is in RTF format. This allows ScanMail to skip rewriting URLs in this kind of email message.

Issue 13: [SEG-51783]
The DLP policy exception does not work if other non-exception addresses are listed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: The issue has been resolved by adding a boundary match and a condition to decide whether to retrieve the recipient information from an email message.

Issue 14: [SEG-57951]
The following issues have been discovered in ScanMail:

1. The following System Event settings cannot be replicated through the "Server Management" page of the web console or through Control Manager.
   - Predictive Machine Learning service was
   - Writing Style service was
2. The "Apply All" button on the Notification Settings section of the Administration web console does not work on the following alert settings:
   - System Event Predictive Machine Learning service was
   - Writing Style service was
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: Both System Event settings can now be replicated through the "Server Management" page and the Control Manager web console. This patch also ensures that the "Apply All" button works on both alert settings.

8.2 Patch 2
===================================================================

8.2.1 Enhancements
===================================================================
The following enhancements are included in Patch 2:

Enhancement 1: [SEG-60644][SEG-63413]
Unscannable Message Logs - Administrators can now configure the type of unscannable message log ScanMail sends to Control Manager.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 1: To configure this feature:

1. Install this patch (see "Installation").
2. Open Registry Editor.
   a. Locate the following key and set the preferred values as follows:
      * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
      * Key: SkipSendUnscannableMessageLogToCM
      * Type: REG_DWORD
      * Data value:
        "0" = ScanMail sends unscannable message parts logs to Control Manager (default).
        "1" = ScanMail does not send unscannable message parts logs to Control Manager.
      NOTE: If SkipSendUnscannableMessageLogToCM is set to 1, skip step b.
   b. If SkipSendUnscannableMessageLogToCM is not configured or set to 0, locate the following key and set the preferred value:
      * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
      * Key: UnsupportMessageTypesSendToCM
      * Type: REG_SZ
      * Data value:
        - "1;2;3;4" = (default) ScanMail sends all types of unscannable message logs to Trend Micro Control Manager.
          NOTE: Separate unscannable message log types with a semi-colon (;)
        - 1 represents "Encrypted email messages".
        - 2 represents "Encrypted and password protected files".
        - 3 represents "Files outside of scan restriction criteria".
        - 4 represents "Unsupported or corrupted files"
3. Restart the ScanMail service.

Enhancement 2:
Policy Violation Logs - ScanMail can now integrate with Trend Micro Cloud App Security to provide visibility of policy violation logs from one or more ScanMail servers on Cloud App Security.

8.2.2 Resolved Known Issues
===================================================================
Patch 2 resolves the following issues:

Issue 1: [SEG-58468][Hotfix 1335]
Hebrew file names do not display correctly in the Deep Discovery Analyzer web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: When attachment file names are encoded in base64, wide characters are transformed to UTF-8 before encoding. However, during base64 decoding, the function that transforms multibyte characters to wide characters is called instead of the one that transforms UTF-8 characters to wide characters. As a result, Hebrew file names cannot be displayed correctly in the Deep Discovery Analyzer web console.

The correct function is now called to transform UTF-8 to wide characters while decoding attachment file names in base64, so that Hebrew file names display correctly.

Issue 2: [SEG-62061][Hotfix 1337]
TrendX scan results on the ScanMail for Exchange console may not contain information on viruses detected in OLE layers because the scan results are released before the final scan results are recorded.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: TrendX scan results are now released only after the final scan results are recorded, so that the viruses detected in OLE layers appear as detected using TrendX in scan results.

Issue 3: [SEG-59825]
When resending an email with the original quarantined email as an attachment, the quarantined email triggers the Advanced Spam Prevention rule, and as a result, the attachment becomes a document file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This issue has been resolved.

Issue 4: [SEG-63222]
The numbers of Deep Discovery Analyzer submissions are sometimes mismatched between the ScanMail web console and the Deep Discovery Analyzer web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: This issue was caused by inappropriate handling of 0-size attachments. This has been resolved.

Issue 5: [VRTS-3703]
Code Injection vulnerability in OpenSSL/libcurl is caused by a non-privileged user or program that can put code and a config file in a known non-privileged path and make cURL automatically run the code (as an OpenSSL "engine") on invocation. If that cURL is invoked by a privileged user, it can do anything that it is designed to perform.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: The Trend Micro common modules have been updated to fix this known issue.

Issue 6: [SEG-59268]
Trend Micro Apex Central identifies and searches for connected ScanMail servers using hostname only, and not by FQDN or IP address. However, this method is not ideal for large environments that contain several domains where some suffixes are not in the dns-suffix-search-list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: Apex Central can now identify connected ScanMail servers using FQDN.

8.3 Patch 3
===================================================================

8.3.1 Enhancements
===================================================================
The following enhancements are included in Patch 3:

Enhancement 1:
Integration with Cloud App Security - ScanMail now integrates with Trend Micro Cloud App Security to provide visibility and resend capability of quarantined logs from one or more ScanMail servers on Cloud App Security.

Enhancement 2:
Data Loss Prevention Identifiers – ScanMail now supports file attribute detection in Data Loss Prevention.

Enhancement 3:
Quarantine – Users can now configure whether quarantined messages need Web Reputation rescanning before being sent.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 3: To configure this feature:

1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Locate the following key and set the preferred value:
   * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Key: EnableResendWithWRSUI
   * Type: REG_DWORD
   * Data value:
     "1" = ScanMail shows the option to support Web Reputation protection when resending a quarantined message
     "0" = ScanMail does not show the option to support Web Reputation protection when resending a quarantined message (default)

8.3.2 Resolved Known Issues
===================================================================
Patch 3 resolves the following issues:

Issue 1: [SEG-56061][Hotfix 3008]
When "SpecialUser/Groups" is configured in ScanMail filters, a memory leak may occur in ScanMail.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: The cache has been updated to prevent the memory usage issue.

Issue 2: [SEG-63660][Hotfix 3009]
In certain environments, one SQL instance may contain a large number of ScanMail databases. This causes performance issues while ScanMail checks the database connection and runs SQL queries ["SELECT COUNT(TABLE_NAME) as num FROM INFORMATION_SCHEMA.TABLES"] from the system view.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: ScanMail can now run the queries from the database itself (instead of running the queries from the system view) to help prevent the performance issues.

Issue 3: [SEG-70457][Hotfix 3010]
Quarantine Maintenance is prevented from deleting some files that were quarantined by the "Quarantine message part" action from the quarantine folder.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: Quarantine Maintenance can now successfully delete files that were quarantined by the "Quarantine message part" action from the quarantine folder.

Issue 4: [SEG-67814][Hotfix 3011]
Under certain conditions, ScanMail may not be able to register successfully to Apex Central through port 443.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: ScanMail can now apply the test connection settings in the ini file of Control Manager when testing the connection to Apex Central.

Issue 5: [SEG-67397][Hotfix: NA]
When detecting New Spam resources is enabled, URL Time-of-Click protection does not rewrite URLs except newly born URLs and unrated URLs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: The URLs can now be rewritten properly.

Issue 6: [SEG-69405][Hotfix: NA]
After ScanMail quarantines a message, the log may not be inserted into the database. Therefore, users cannot find the log from quarantined logs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: The log is inserted into the database successfully.

Issue 7: [SEG-64877][Hotfix 3019]
An issue related to the parsing function of the dtSearch module prevents ScanMail for Microsoft Exchange from detecting keywords.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: The dtSearch has been updated to the latest version to resolve the issue.

Issue 8: [SEG-67801/SEG-63413][Hotfix: NA]
Hotfix 14.0.0.1340 provides a way for users to configure the types of unscannable message parts logs that ScanMail sends to the Apex Central server. Users requested that this feature be implemented in the UI of the ScanMail web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: Hidden keys have been added to the ScanMail web console under "Administration > Apex Central Settings > Unscannable Message Parts Logs".
On this UI, users can select the types of unscannable message parts logs sent to Apex Central.

Issue 9: [SEG-72957][Hotfix 3014]
Microsoft packaged a password-protected document as a .doc file. When users check the box to allow password protected Office documents and block .doc files, password protected Office documents will be blocked.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: When ScanMail detects .doc files, it will first skip password-protected documents. ScanMail will then block password-protected documents only if the users check the box to allow password protected Office documents.

8.4 Patch 4
===================================================================

8.4.1 Enhancements
===================================================================
The following enhancements are included in Patch 4:

Enhancement 1: [SEG-79499] [Hotfix 3033]
cmdlets - The following two options are provided to remove the "Organization Management" requirement. Each option has different privilege requirements.

Option 1: Add the "EWSLocalCall" hidden key, set the value to "0", then use Remote Runspace to run Exchange cmdlets.

Option 2: If the "EWSLocalCall" hidden key does not exist or is set to "1", ScanMail will use the Local Runspace to run Exchange cmdlets.

NOTE: Enable this enhancement only when ScanMail services are run using a Windows account and the user does not want to grant Organization Management rights to the Windows account. It is not necessary to enable this enhancement if the ScanMail service runs as Local System since "Organization Management" is not a requirement for Local System.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 1: To set the option and the corresponding privileges for the Service Account in both options:

1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Add the following key and set the preferred value:
   * Key: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Value: EWSLocalCall
   * Type: REG_DWORD
   * Data value:
     - "1" = ScanMail runs cmdlets in a Local Runspace (default value)
     - "0" = ScanMail runs cmdlets in a Remote Runspace
4. Select and perform the preferred option below.
   * To use Remote Runspace to run Exchange cmdlet, grant the ScanMail account the following privileges:
     - Domain User
     - Local Administrators
     - Exchange ApplicationImpersonation role
     - View-only Organization Management group
     - Read All Properties and List content permissions
   * To grant Read All Properties and List content permissions, run the following command in the Exchange Management Shell:
       Get-OrganizationConfig | Add-ADPermission -User -AccessRights "ListChildren, ReadProperty"
   * To use the Search & Destroy feature to run Exchange cmdlet, grant the ScanMail account the Organization client Access role aside from the five privileges listed in the first option above. For other privileges required to run Search & Destroy, refer to the ScanMail "Administrators Guide".
   * To use the Local Runspace to run the Exchange cmdlet, provide the ScanMail Service account with the ms-Exch-Store-Admin right aside from the six rights specified in the previous options. To do this, run the following command in the Exchange Management Shell:
       Get-MailboxDatabase | Add-ADPermission -User -ExtendedRights ms-Exch-Store-Admin
5. Restart ScanMail services.

Enhancement 2:
Quarantine Logs – Some columns have been added in quarantine logs that are sent to CAS.

Enhancement 3: [SEG-82956] [Hotfix 3049]
Event Log Notifications – ScanMail now sends Windows event log notifications when it scans multiple email messages unsuccessfully.

Enhancement 4: [SEG-86591] [Hotfix 3052]
Quarantine Maintenance - Users can now configure ScanMail to run "Quarantine Maintenance" based on the creation time of quarantined files.
NOTE: This enhancement works only when "All quarantined files" is specified under the "Files to Delete" field in both "Manual" and "Automatic" Quarantine Maintenance settings.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To configure this feature:

1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Locate the following key and set the preferred value:
   * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Key: EnableQMBasedOnFileTime
   * Type: REG_DWORD
   * Data value:
     "1" = ScanMail runs "Quarantine Maintenance" based on creation time of quarantined files (default behavior after this Hotfix is installed)
     "0" = disables the feature
4. Restart the ScanMail service.

Enhancement 5: [SEG-91957]
Macro Files - Users can now configure whether ScanMail takes action on Macro files based on the email direction.

Enhancement 6: [SEG-92586]
Engine Updates - Users can now configure which types of engines ScanMail should not download from Trend Micro Apex Central(TM).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 6: To configure this feature:

1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Locate the following keys and set the preferred values:
   * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Key: EngineTypesNotUpdateFromCM
   * Type: REG_SZ
   * Data values:
     "1" = VSAPI engine
     "2" = TMASE engine
     "3" = TMUFE engine
     "4" = ATSE engine
     "5" = TRXHANDLER engine

   NOTE: For multiple values, separate each value using a semi-colon ";". If "UnsupportMessageTypesSendToCM" does not exist, it will be set to "3;5". If "UnsupportMessageTypesSendToCM" is empty, all engines for ScanMail can be downloaded from Apex Central server.
4. Restart the ScanMail service.
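
The runspace options in Enhancement 1 of this section replace Organization Management membership with a narrower set of rights, so it is worth checking what the service account actually holds afterwards. The PowerShell audit below is an added example, not part of Trend Micro's readme; $Account is a placeholder for the Windows account that runs the ScanMail services, the script is assumed to run in the Exchange Management Shell on the ScanMail server, and it covers only the Exchange-side items from Procedure 1 (not Domain User or Local Administrators membership).

```powershell
# Added example (not Trend Micro code). Run in the Exchange Management Shell.
# $Account: placeholder for the Windows account that runs the ScanMail services.
param([Parameter(Mandatory)][string]$Account)
Add-Type -AssemblyName System.DirectoryServices

# A missing EWSLocalCall value means "1" (Local Runspace), per the readme.
$reg = 'HKLM:\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion'
$raw = (Get-ItemProperty -Path $reg -ErrorAction SilentlyContinue).EWSLocalCall
$useLocal = ($null -eq $raw) -or ($raw -eq 1)

# Role assignments held directly or through role groups.
$roles = @(Get-ManagementRoleAssignment -RoleAssignee $Account)
$groups = $roles | ForEach-Object RoleAssigneeName | Sort-Object -Unique
$impersonate = @(Get-ManagementRoleAssignment -RoleAssignee $Account -Role ApplicationImpersonation)

# ListChildren + ReadProperty on the organization object (allow entries only).
$need = [int][System.DirectoryServices.ActiveDirectoryRights]'ListChildren, ReadProperty'
$have = 0
Get-ADPermission -Identity (Get-OrganizationConfig).DistinguishedName -User $Account |
    Where-Object { -not $_.Deny } |
    ForEach-Object {
        foreach ($r in $_.AccessRights) {
            # Each entry may be a combined flag such as GenericRead, so OR the bits.
            $have = $have -bor [int][System.DirectoryServices.ActiveDirectoryRights]"$r"
        }
    }
$orgReadOk = ($have -band $need) -eq $need

# ms-Exch-Store-Admin is only required for the Local Runspace option.
$dbMissing = @(Get-MailboxDatabase | Where-Object {
    $dn = $_.DistinguishedName
    -not (Get-ADPermission -Identity $dn -User $Account |
        Where-Object { -not $_.Deny -and $_.ExtendedRights -like 'ms-Exch-Store-Admin' })
})

[pscustomobject]@{
    Account                    = $Account
    Runspace                   = if ($useLocal) { 'Local' } else { 'Remote' }
    InOrganizationManagement   = $groups -contains 'Organization Management'
    InViewOnlyOrgManagement    = $groups -contains 'View-Only Organization Management'
    ApplicationImpersonation   = $impersonate.Count -gt 0
    OrgReadAndListGranted      = $orgReadOk
    DatabasesLackingStoreAdmin = if ($useLocal) { $dbMissing.Name -join ', ' }
                                 else { 'n/a (Remote Runspace)' }
}
```

If InOrganizationManagement is True, the account still holds the broad membership that this enhancement makes unnecessary.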

8.4.2 Resolved Known Issues
===================================================================
Patch 4 resolves the following issues:

Issue 1: [SEG-75155][Hotfix 3034]
The DLP File Attribute may not work correctly when "EmMaxDecompressLayerCount=0".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: The eManager module has been updated to version 7.6.0.1288 to ensure that the DLP File Attribute works normally when "EmMaxDecompressLayerCount=0".

Issue 2: [SEG-78381][Hotfix 3037]
An issue related to the "util_Cache.h" file triggers an "Access Violation" error which causes ScanMail to stop unexpectedly when it calls the "SetData" function.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This issue has been resolved.

Issue 3: [SEG-75109][Hotfix 3038]
When configuration replication runs while Virtual Analyzer is running on the target machine, ScanMail unregisters from and then registers again to Deep Discovery Analyzer using a new product key. If there are documents and jobs in the DTAS handling queue that use the previous product key, Deep Discovery Analyzer returns an error code 419 for "Product is not Registered" and the files are not analyzed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: The errors have been resolved so that files in the "VA" working queue are processed successfully under the scenario described above.

Issue 4: [SEG-78714][Hotfix 3039]
The CMAgent sends "[Command] A duplicate command was ignored" logs without a "SUCCESS" status to Apex Central. This causes Apex Central to detect a large number of failed update deployments even when the commands are still running.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: The CMAgent now promptly tags "[Command] A duplicate command was ignored" command tracking entries as "Successful" commands.

Issue 5: [SEG-78381][Hotfix 3040]
When the ScanMail service restarts after ScanMail log generation is enabled, tmase logs are also enabled automatically and can only be disabled by disabling ScanMail log generation and restarting the ScanMail service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This issue has been resolved.

Issue 6: [SEG-81269][Hotfix 3042]
BIN files in Microsoft Excel 2007 files and any higher version Excel files trigger ScanMail to block these Excel files when the "Do not block embedded files inside Microsoft Office 2007 or later files" option is enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: ScanMail now skips Excel files normally when the "Do not block embedded files inside Microsoft Office 2007 or later files" option is enabled.

Issue 7: [SEG-81831][Hotfix 3048]
Multiple entries appear for the same product entity on the "Product License Log Query" page of the Control Manager. All additional entries display "N/A" in certain fields.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: The CMAgent in ScanMail has been updated to prevent duplicate ScanMail entries on the Control Manager console.

Issue 8: [SEG-77257][Hotfix 3047]
In hybrid Exchange environments, running Search and Destroy on all on-premise mailboxes triggers the search server to return a "The user does not have an Exchange mailbox." message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: The cmdlet "Get-Mailbox" has been added to pipe the mailboxes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 8: To configure this Hotfix:

1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Locate the following key and set the preferred value:
   * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Key: PipeForSearchAllMailbox
   * Type: REG_DWORD
   * Data value:
     "1" = enable ScanMail to use the new cmdlet to search all on-premise mailboxes (default behavior after this fix is installed)
     "0" = disable ScanMail from using the new cmdlet to search all on-premise mailboxes
4. Restart the ScanMail service.

Issue 9: [VRTS-4870][Hotfix N/A]
A directory traversal vulnerability occurs when Trend Micro PortalProtect(TM) downloads engine files or pattern files from the local ActiveUpdate (AU) server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: The ActiveUpdate modules have been updated to resolve this issue.

Issue 10: The terms "white list" and "black list" may appear in some ScanMail configuration filenames and HTML pages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: These terms have been replaced on affected filenames and HTML pages.

Issue 11: [SEG-82956][Hotfix 3049]
An issue prevents ScanMail from restoring scan mediator if scan mediator launches unexpectedly. This affects filter scanning.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: ScanMail can now restore scan mediator under the scenario described above.

Issue 12: [SEG-82797][Hotfix 3050]
Some ScanMail for Exchange binary files related to the eManager module use 3rd-party digital signatures instead of the Trend Micro digital signature to run the Vulnerability Scanner.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: The digital signatures of these binary files have been replaced with the Trend Micro digital signature.

Issue 13: [SEG-82945][Hotfix 3051]
When the "Detect new spam sources" option is enabled, ScanMail does not send certain URLs to Trend Micro Deep Discovery Analyzer for analysis.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: ScanMail now sends the correct URLs to Deep Discovery Analyzer for analysis when the "Detect new spam sources" option is enabled.

Issue 14: [SEG-84214][Hotfix 3053]
An issue prevents Virus Scans from performing certain scanning operations to detect threats when Predictive Machine Learning Scan is enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: This issue has been resolved.

Issue 15: [SEG-81621][Hotfix 3054]
The Writing Style Training program cannot run successfully on protected computers. This happens when ScanMail cannot retrieve the correct Internal URL property for the Exchange Web Services (EWS) virtual directory or when the EWS virtual directory stops working.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: Users can now specify the Internal URL property of the EWS virtual directory.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 15: To configure this option:

1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Locate the following key and set its value to the Internal URL property:
   * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Key: EWSInternalUrl
   * Type: REG_SZ
   * Data: Internal URL value of EWS Virtual Directory

Issue 16: [SEG-91846]
When a message needs to be sent to the Deep Discovery Analyzer Server for analysis, ScanMail quarantines this message temporarily and then resends it for further action. When the message is resent, the Exchange Server assigns a new "Message-ID" to it which triggers ScanMail to treat the resent message as a new email and prompts it to scan the message again.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: Users can now configure ScanMail to skip the Message-ID checking for quarantined email messages, so ScanMail does not scan it repeatedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 16: To configure this option:

1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Add or locate the following key and set the preferred value:
   * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
   * Key: SkipResendMessageIdCheck
   * Type: REG_DWORD
   * Data value:
     "1" = ScanMail skips Message-ID checking for quarantined email messages
     "0" = ScanMail checks Message-ID of quarantined email messages (default)
4. Restart the ScanMail service.

Issue 17: [SEG-88857]
When configuration replication runs while ScanMail is connected to the Deep Discovery Analyzer server using its GUID, ScanMail creates a new GUID which cannot be used to connect to the Deep Discovery Analyzer server but is stored in the database. When the ScanMail service restarts, it will use the new GUID to send samples to Deep Discovery Analyzer which will return an error code 419 for "Product is not Registered". If this happens, the files are not analyzed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: The error has been resolved which ensures that ScanMail does not create a new GUID during configuration replication.

Issue 18: [SEG-91722]
The ScanMail Master Service stops unexpectedly when the specified "User ID" or "Password" in the "Proxy Settings" page exceeds the length limitation.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: Alert messages have been added and ScanMail now displays an alert when "User ID" or "Password" has exceeded the length limitation.

9. Files Included in This Release
======================================================================
This is a full package release. For the detailed file list, refer to the ScanMail (for Microsoft Exchange) 14 installation package.

10. Contact Information
======================================================================
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only.
After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
======================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2021, Trend Micro Incorporated. All rights reserved. Trend Micro, ScanMail, Control Manager, Data Loss Prevention, OfficeScan, eManager, Apex Central, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

12. License Agreement
======================================================================
View information about your license agreement with Trend Micro at:

http://www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide