<> Trend Micro Incorporated April 7, 2021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ScanMail(TM) for IBM(TM) Domino(TM) for Microsoft(TM) Linux(TM) 5.8 64-bit Patch 1 - Build 1090 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/Service Pack release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About ScanMail for IBM Domino for Linux 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 6.1 Post-Installation Configuration (from Previous Versions) 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About ScanMail for IBM Domino for Linux ======================================================================== Trend Micro ScanMail for IBM Domino works in real time to prevent viruses, malicious code, and unwanted content from entering your Domino environment via email, replication, or infected documents. Malware scanning is performed in memory, which significantly increases the scanning speed. ScanMail offers flexible, scalable configuration and remote management through the Notes workspace, as well as Web access of ScanMail databases. ScanMail is fully compatible with Trend Micro Control Manager(TM), Trend Micro centralized management console that lets you consolidate antivirus and content security protection into a cohesive solution. 1.1 Overview of This Release ===================================================================== This Patch consolidates all previous hotfix releases of ScanMail for IBM Domino for Linux 5.8 64-bit. 1.2 Who Should Install This Release ===================================================================== Install this release if you are running ScanMail for IBM Domino for Linux 5.8 64-bit version. 2. What's New ======================================================================== NOTE: Please install the Patch before completing any procedures in this section (see "Installation"). This Patch addresses the following issues and includes the following enhancement: 2.1 Enhancements ==================================================================== The following enhancements are included in this release: [No Hotfix](Jira-seg-82179) Enhancement 1: True File Types - This Patch enables ScanMail for IBM Domino to support the "VSDT_MSI" and "VSDT_LNK" true file types. [No Hotfix](No Case) Enhancement 2: Scheduled Updates/Scans – This Patch updates the procedure for scheduled updates and scans. 2.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Jira-seg-44837 SMID5.8 Linux EN Hotfix 1026 ISSUE 1 Issue 1: When the APT filter is enabled, it may take several minutes before any action is done after the "smddtas.nsf" file indicates that a sample is ready to be reprocessed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Patch resolves the issue by making sure that ScanMail wakes up the reprocess thread as soon as the "smddtas.nsf" file indicates that a sample is ready to be reprocessed. Jira-seg-49291 SMID5.8 Linux EN Hotfix 1039 ISSUE 1 Issue 2: Sometimes, the Data Loss Prevention(TM) (DLP) template cannot be updated successfully in the ScanMail Configuration Database after ScanMail is updated from version 5.6 to version 5.8. This causes the Domino server to stop unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Patch ensures that the DLP template can be updated successfully on the ScanMail Configuration Database. NOTE: This solution should be applied on ScanMail 5.8 ONLY if it has been upgraded from version 5.6 and NOT on newly-installed ScanMail 5.8. Jira-seg-79358 SMID5.8 Linux EN Hotfix 1067 ISSUE 1 Issue 3: The nSMDreal task may stop unexpectedly during pattern updates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Patch updates the ScanMail program to prevent the issue. Jira-seg-79914 SMID5.8 Linux EN Hotfix 1071 ISSUE 1 Issue 4: An email message that contains only embedded objects may be held in the quarantine database (smddtas.nsf) longer than the configured maximum wait time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Patch updates ScanMail to ensure that email messages that contain only embedded objects are not held up in the quarantine database. VRTS-4873 SMID5.8 Win EN Critical Patch 1070 ISSUE 1 Issue 5: A directory traversal vulnerability occurs when ScanMail downloads engine files or pattern files from the local ActiveUpdate (AU) server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This Patch updates the Trend Micro ActiveUpdate modules to resolve this issue. Jira-seg-91242 SMID5.8 Linux EN Hotfix 1083 ISSUE 1 Issue 6: Sometimes, SMDcm stops responding after receiving a "quit" command. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This Patch prevents the issue by upgrading the AgentSDK module. Jira-seg-64756 SMID5.8 Win EN Hotfix 1061 ISSUE 1 Issue 7: When the Advanced Threat Scan Engine (ATSE) and the "APT Prevention Filter > Scan Settings > Select attachments to scan > Microsoft Office file with micros" option are enabled while the "Security Risk Scan > Advanced Options > Macros in Microsoft Office files" is disabled, a Microsoft Office file attachment containing micros that does not meet all criteria for Trend Micro Deep Discovery Analyzer will be treated as "HEUR_HAS_MACRO" and will be scanned by ATSE. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This Patch ensures that ATSE does not process Office file attachments that contain micros as "HEUR_HAS_MACRO" files under the scenario described above. Jira-seg-68509 SMID5.8 Win EN Hotfix 1066 ISSUE 1 Issue 8: The nSMDdbs task may stop unexpectedly during a scheduled database scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This Patch resolves the issue by allowing users to prevent ScanMail from automatically setting the locale. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To prevent ScanMail from automatically setting a locale: 1. Install this Patch (see "Installation"). 2. Open "notes.ini" using a text editor. 3. Add the following hidden key and set its value to "1". SMD_WITHOUT_SETLOCALE=1 4. Save the changes and close the file. Jira-seg-48296 SMID5.8 Win EN Hotfix ISSUE 1 Issue 9: If smdreal runs without the "SMD_SPLITMAIL_RECALL_ENABLED=1" in "notes.ini", the Domino server stops unexpectedly after users run the following commands on the Domino console: set conf SMD_SPLITMAIL_RECALL_ENABLED=1 tel smdreal quit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This Patch updates the ScanMail program to prevent the issue. Jira-seg-67866 SMID5.6 Win EN Hotfix 4909 ISSUE 1 Issue 10: The nSMDcm task may stop unexpectedly when the Domino server starts up. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This Patch prevents the issue by ensuring that only one configuration thread exists at any given time. Jira-seg-86942 ISLD5.0 AIX64-bit JP Hotfix 3558 ISSUE 1 Issue 11: VSAPI engine and pattern update events in ScanMail do not appear in the Control Manager server's event viewer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This Patch ensures that VSAPI engine and pattern update events in ScanMail appear in the Control Manager server's event viewer. Jira-seg-99366 SMID5.8 Win EN Hotfix ISSUE 1 Issue 12: smdreal may stop unexpectedly when the "SMDExtractMailWithNotesStyle=1" hidden key is set and and the TMASE filter is enabled in TMASE engine 7.6.1015 and any higher version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This Patch updates the ScanMail program to prevent the issue. VRTS-5099 SMID5.8 Win EN Hotfix ISSUE 1 Issue 13: There is vulnerability related to VSAPI/ATSE API (VSDecompress). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This Patch replaces VSAPI/ATSE API (VSDecompress) with AFI. Jira-seg-50818 SMLD5.0 AIX64-bit EN Hotfix 3509 ISSUE 1 Issue 14: An email in rich text format will lose its mail history content when the following two conditions occur: - the "SMD_SPLITMAIL_RECALL_ENABLED" hidden key is enabled - the email message partially matches a ScanMail rule ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This Patch resolves the issue by enabling ScanMail to open mail notes using the "OPEN_RAW_MIME" parameter. Jira-seg-40973 SMID5.8 Win EN Hotfix ISSUE 1 Issue 15: Sometimes an email message is put on hold when all of the following conditions are met: - the email message is routed to another email server by the "SMD_SPLITMAIL_RECALL_ENABLED=1" hidden key - the email message partially matches policies - the email message is split. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This Patch updates the ScanMail program to prevent the issue. VRTS-5554 SMID5.8 Win EN Critical Patch ISSUE 1 Issue 16: An issue related to the offset value validation task causes the VSAPI and ATSE engines to go into an infinite loop while parsing a crafted .chm file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This Patch resolves the issue to ensure that the engines can parse crafted .chm files normally. NOTE: This solution requires that the VSAPI and ATSE engines are updated to version 12.500.1004 or any higher version. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ScanMail for IBM Domino for Linux. To access the Online Help, go to http://docs.trendmicro.com - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ScanMail for IBM Domino for Linux. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to https://success.trendmicro.com 4. System Requirements ======================================================================== Before installing the patch, Trend Micro recommends: - installing the 64-bit version of ScanMail for IBM Domino for Linux 5.8 Build 1024 - upgrading the VSAPI and ATSE engines to version 12.500.1004 or any higher version. Refer to Section 2.2 Issue 16 for more information. 5. Installation ======================================================================== Refer to the "Administrator's Guide" for detailed information. 5.1 Installing ===================================================================== To install: 1. Update the VSAPI and ATSE engines to version 12.500.1004 or any higher version. 2. Copy the "smid_58_lx64_en_patch1_b1090.tar.gz" installation file to a local folder. 3. Extract the contents of the installation file to a local folder by running the following command: tar -zvxf smid_58_lx64_en_patch1_b1090.tar.gz 4. Go to the "smid_58_lx64_en_patch1_b1090" folder. 5. Run the following command: ./UPDSilent The "SMID: Build 5.8.0.1090" message appears on the Domino console after the system completes the installation. 5.2 Uninstalling ===================================================================== To roll back to the previous build: 1. Go to the "$SMLD_Binary_Folder/hotfix" directory. 2. Run the following command ./UPDSilent /u B1090 6. Post-Installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== There are no known issues in this release. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 9. Files Included in This Release ======================================================================== Filename Build No. ------------------------------------------------------------------ libsmdreal.so 5.8.0.1090 libsmddbs.so 5.8.0.1090 libsmdcm.so 5.8.0.1090 libsmdeuq.so 5.8.0.1090 libsmdsch.so 5.8.0.1090 libsmddtas.so 5.8.0.1090 libsmdmon.so 5.8.0.1090 libsmdext.so 5.8.0.1090 libsmdemf.so 5.8.0.1090 libsmdsupp.so 5.8.0.1090 libdbsetup.so 5.8.0.1090 libupdsmd.so 5.8.0.1090 libsmdupd.so 5.8.0.1090 libProductLib.so 5.8.0.1090 libunreg.so 5.8.0.1090 unregcm 5.8.0.1090 nBIFSender 5.8.0.1090 loader 5.8.0.1090 smconf.ntf 5.8.0.1090 smdapproved.ntf 5.8.0.1090 smddtas.ntf 5.8.0.1090 smency.ntf 5.8.0.1090 smftypes.nsf 5.8.0.1090 smhelp.nsf 5.8.0.1090 smlists.nsf 5.8.0.1090 smmsg.nsf 5.8.0.1090 smquar.ntf 5.8.0.1090 smtime.ntf 5.8.0.1090 smvlog.ntf 5.8.0.1090 AU module Files ------------------------------------------------------------------ AuPatch 2.86.4002 cert5.db 2.86.4002 libciuas64.so 2.86.4002 libpatch.so 2.86.4002 libtmactupdate.so 2.86.4002 x500.db 2.86.4002 MCP AgentSDK Files ------------------------------------------------------------------ libapr-1.so 5.0.0.2333 libcares.so 5.0.0.2333 libcurl.so 5.0.0.2333 libcrypto.so 5.0.0.2333 libssl.so 5.0.0.2333 libTrendAprWrapper.so 5.0.0.2333 libEn_Utility.so.1 5.0.0.2333 libz.so 5.0.0.2333 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. https://www.trendmicro.com/en_us/contact.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2021, Trend Micro Incorporated. All rights reserved. Trend Micro, ScanMail, Control Manager, Data Loss Prevention, eManager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide