<> Trend Micro Incorporated July 15th, 2021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan Messaging Security Virtual Appliance 9.1 - Patch 3 English - Linux - 64 Bits Critical Patch - Build 2073 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents ================================================================ 1. Critical Patch Release Information 1.1 Resolved Known Issues 1.2 Enhancements 1.3 Files Included in This Release 2. Documentation Set 3. System Requirements 4. Installation 4.1 Installing 4.2 Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 8. Contact Information 9. About Trend Micro 10. License Agreement ================================================================ 1. Critical Patch Release Information ======================================================================== 1.1 Resolved Known Issues ==================================================================== This Critical Patch resolves the following issue(s): Issue 1: The "IfModule unixd_module" line appears several times in "EUQ.conf". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Critical Patch resolves this issue. Issue 2: After upgrading the TMASE engine, InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 may treat a normal sample as spam. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Critical Patch resolves a null pointer issue to ensure that normal samples are not treated as spam. Issue 3: Users encounter an HTTP 404 error when End User Quarantine (EUQ) Kerberos protocol is used for Single Sign-on (SSO). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Critical Patch resolves the error. 1.2 Enhancements ==================================================================== There are no enhancements for this Critical Patch release. 1.3 Files Included in This Release ==================================================================== A. Files for Current Issue -------------------------------------------------------------------- Filename Build No. ----------------------------------------------------------------- imssd 9.1.0.2073 libFilterSpsTmase.so 9.1.0.2073 imp_exp 9.1.0.2073 Files for Issue 1 ----------------------------------------------------------------- N/A Files for Issue 2 ----------------------------------------------------------------- lib/libFilterSpsTmase.so 9.1.0.2073 Files for Issue 3 ----------------------------------------------------------------- N/A B. Files for Previous Issues -------------------------------------------------------------------- lib/libxml2.so 9.1.0.2069 bin/wrsagent 9.1.0.2069 script/UserSync.py 9.1.0.2053 lib/libFilterWrs.so 9.1.0.2053 ip_whitelist_details.jsp 9.1.0.2053 UpdateWhitelistAction.class 9.1.0.2053 imss6Policy_en.properties 9.1.0.2053 imss6Policy.properties 9.1.0.2053 bin/logtransfer 9.1.0.2053 lib/libIMSSjni.so 9.1.0.2053 AuditLogJNI.class 9.1.0.2053 UIEvtLogDAO.class 9.1.0.2053 libFilterWrs.so 9.1.0.2040 bin/imssd 9.1.0.2040 bin/imssmgr 9.1.0.2040 UI/euqUI/bin/Tomcat.sh 9.1.0.2040 lib/libtmactupdate.so 9.1.0.2040 lib/libpatch.so 9.1.0.2040 lib/liblwtpciu32.so 9.1.0.2040 lib/libciuas32.so 9.1.0.2040 lib/expapply.so 9.1.0.2040 lib/cert5.db 9.1.0.2040 lib/x500.db 9.1.0.2040 lib/AuPatch 9.1.0.2040 lib/aumsg.0 9.1.0.2040 lib/aumsg.932 9.1.0.2040 lib/aumsg.936 9.1.0.2040 lib/aumsg.949 9.1.0.2040 lib/aumsg.950 9.1.0.2040 libProductLibrary.so 9.1.0.2040 libFilterSpsTmase.so 9.1.0.2040 libFilterWrs.so 9.1.0.2040 script/postfix 9.1.0.2036 db_maintain 9.1.0.2036 dmarcreport_sender.py 9.1.0.2036 dmarcreport_sender.sh 9.1.0.2036 TmFoxFilter 9.1.0.2036 opendmarc 9.1.0.2036 ImssCsrfRequestMatcher.class 9.1.0.2036 libEUQjni.so 9.1.0.2036 imssmgrmon 9.1.0.2036 select_addr_exception.jsp 9.1.0.2036 validation.jsp 9.1.0.2036 libatse.so 9.1.0.2034 libvsapi.so 9.1.0.2034 lib/libdtsearch.so 9.1.0.2032 lib/viewers/dtv_pdfcrypto.so 9.1.0.2032 openssh-5.3p1-124.el6_10.x86_64.rpm 9.1.0.2032 openssh-clients-5.3p1-124.el6_10.x86_64.rpm 9.1.0.2032 openssh-server-5.3p1-124.el6_10.x86_64.rpm 9.1.0.2032 openssl-1.0.1e-58.el6_10.i686.rpm 9.1.0.2032 openssl-1.0.1e-58.el6_10.x86_64.rpm 9.1.0.2032 OpenLDAP/bin/ 9.1.0.2031 OpenLDAP/lib/ 9.1.0.2031 OpenLDAP/sbin/ 9.1.0.2031 UI/euqUI/ROOT/help/pl/ 9.1.0.2031 UI/euqUI/ROOT/images/pl/ 9.1.0.2031 Apache.sh 9.1.0.2031 DKIMWhiteListSettingAction.class 9.1.0.2031 S99NTPD 9.1.0.2031 WizardActionAppliance$1.class 9.1.0.2031 WizardActionAppliance.class 9.1.0.2031 anvil 9.1.0.2031 apache.sh 9.1.0.2031 bounce 9.1.0.2031 cfgtool.sh 9.1.0.2031 chage_default_pass.sh 9.1.0.2031 cleanup 9.1.0.2031 configure_network.sh 9.1.0.2031 configure_network.xml 9.1.0.2031 discard 9.1.0.2031 error 9.1.0.2031 flush 9.1.0.2031 funcs.sh 9.1.0.2031 glcfg.sh 9.1.0.2031 hostname.sh 9.1.0.2031 imss6Common_pl.properties 9.1.0.2031 imss6Errors_pl.properties 9.1.0.2031 imss6Euq_pl.properties 9.1.0.2031 imsscmagent 9.1.0.2031 imssctl.sh 9.1.0.2031 install_util.sh 9.1.0.2031 ipcheck.sh 9.1.0.2031 libIMSSjni.so 9.1.0.2031 libcurl.so.4 9.1.0.2031 libexpat.so.0 9.1.0.2031 lmtp 9.1.0.2031 local 9.1.0.2031 main.cf 9.1.0.2031 main.py 9.1.0.2031 master 9.1.0.2031 master.cf 9.1.0.2031 nqmgr 9.1.0.2031 oqmgr 9.1.0.2031 pickup 9.1.0.2031 pipe 9.1.0.2031 post-install 9.1.0.2031 postalias 9.1.0.2031 postcat 9.1.0.2031 postconf 9.1.0.2031 postdrop 9.1.0.2031 postfix 9.1.0.2031 postfix-files 9.1.0.2031 postfix-script 9.1.0.2031 postfix-wrapper 9.1.0.2031 postkick 9.1.0.2031 postlock 9.1.0.2031 postlog 9.1.0.2031 postmap 9.1.0.2031 postmulti 9.1.0.2031 postmulti-script 9.1.0.2031 postqueue 9.1.0.2031 postsuper 9.1.0.2031 proxymap 9.1.0.2031 qmgr 9.1.0.2031 qmqpd 9.1.0.2031 root.xml 9.1.0.2031 scache 9.1.0.2031 sendmail 9.1.0.2031 showq 9.1.0.2031 slapd 9.1.0.2031 smartsearch.jsp 9.1.0.2031 smtp 9.1.0.2031 smtpd 9.1.0.2031 spawn 9.1.0.2031 step.py 9.1.0.2031 tlsmgr 9.1.0.2031 top.css 9.1.0.2031 trend-style.css 9.1.0.2031 trivial-rewrite 9.1.0.2031 utility.py 9.1.0.2031 verify 9.1.0.2031 virtual 9.1.0.2031 AddDomainAction.class 9.1.0.2031 AddSenderAction.class 9.1.0.2031 ipfilter/AddWhiteIPAction.class 9.1.0.2029 ipfilter/ApplyWhiteList.class 9.1.0.2029 ipfilter/DelWhiteIPAction.class 9.1.0.2029 ipfilter/UpdateWhitelistAction.class 9.1.0.2029 ipfilter/WhitelistAction.class 9.1.0.2029 policy/DKIMWhiteListSettingAction.class 9.1.0.2029 jsp/framework/left_0530.jsp 9.1.0.2029 jsp/framework/smartsearch_imss.dat 9.1.0.2029 jsp/framework/smartsearch.dat 9.1.0.2029 jsp/ipfilter/ip_whitelist_add.jsp 9.1.0.2029 jsp/ipfilter/ip_whitelist_details.jsp 9.1.0.2029 jsp/ipfilter/ip_whitelist.jsp 9.1.0.2029 jsp/ipfilter/left_ipPage.jsp 9.1.0.2029 jsp/policy/add_white_list.jsp 9.1.0.2029 jsp/policy/dkim_white_list_import.jsp 9.1.0.2029 ip_settings_dha.jsp 9.1.0.2025 lib/libFilterAction.so 9.1.0.2025 LdapCacheSync$1.class 9.1.0.2025 LdapCacheSync.class 9.1.0.2025 EmailSync.class 9.1.0.2025 UI/adminUI/ROOT/error_404.jsp 9.1.0.2021 UI/euqUI/ROOT/error_404.jsp 9.1.0.2021 UI/apache/ 9.1.0.2021 UI/javaJRE/ 9.1.0.2021 UI/tomcat/ 9.1.0.2021 euqutil 9.1.0.2021 MsgTracing-0.2-py2.7.egg 9.1.0.2021 MsgTracing-0.2-py2.7.egg-info 9.1.0.2021 QtQueryAction.class 9.1.0.2021 UI/adminUI/ROOT/help/en/webhelp/ 9.1.0.2021 imssps 9.1.0.2021 foxdns 9.1.0.2021 libImssCommon.so 9.1.0.2021 libFilterEmgrPlugin.so 9.1.0.2021 imss6Policy_en.properties 9.1.0.2021 imss6Policy.properties 9.1.0.2021 sys_dkim_sign_show_DNSRecord.jsp 9.1.0.2014 AccountParser$AccountContentHandler.class 9.1.0.2014 AccountParser.class 9.1.0.2014 AccountParserTest.class 9.1.0.2014 AddBlockIPAction.class 9.1.0.2014 AddRuleAction.class 9.1.0.2014 AddWhiteIPAction.class 9.1.0.2014 AddrGroupAction.class 9.1.0.2014 AdminDAO.class 9.1.0.2014 AdminDBAction$1.class 9.1.0.2014 AdminDBAction.class 9.1.0.2014 BackupAction$1.class 9.1.0.2014 BackupAction$ConfigFileNameFilter.class 9.1.0.2014 BackupAction.class 9.1.0.2014 BatchParser$BatchContentHandler.class 9.1.0.2014 BatchParser.class 9.1.0.2014 BouncedSettingAction.class 9.1.0.2014 BundleParser$BundleContentHandler.class 9.1.0.2014 BundleParser.class 9.1.0.2014 ComplianceLogParser.class 9.1.0.2014 ComplianceTemplateInterface.class 9.1.0.2014 ComplianceTemplateWSAction.class 9.1.0.2014 ComplianceTemplatesAction$EntityComparator.class 9.1.0.2014 ComplianceTemplatesAction.class 9.1.0.2014 ConditionAction.class 9.1.0.2014 ConnBasicAction.class 9.1.0.2014 ConnChildIPAction.class 9.1.0.2014 ConnLDAPAction$1.class 9.1.0.2014 ConnLDAPAction.class 9.1.0.2014 ConnNTPAction.class 9.1.0.2014 ConnSettingAction.class 9.1.0.2014 ConnTMCMAction.class 9.1.0.2014 DDAServerMgmtAction.class 9.1.0.2014 DDASettingAction$1.class 9.1.0.2014 DDASettingAction.class 9.1.0.2014 DHASettingAction.class 9.1.0.2014 DLPExpressionInterface.class 9.1.0.2014 DLPFileAttributeInterface.class 9.1.0.2014 DLPKeywordInterface.class 9.1.0.2014 DMARCSettingAction.class 9.1.0.2014 DataIdentifierWSAction.class 9.1.0.2014 DelBlockIPAction.class 9.1.0.2014 DelWhiteIPAction.class 9.1.0.2014 DeployAPIKeyAction.class 9.1.0.2014 DkimSignAction$1.class 9.1.0.2014 DkimSignAction$LogLevel.class 9.1.0.2014 DkimSignAction.class 9.1.0.2014 DomainListAction.class 9.1.0.2014 DomainParser$DomainContentHandler.class 9.1.0.2014 DomainParser.class 9.1.0.2014 DomainParserTest.class 9.1.0.2014 DomainPolicyParser$DomainPolicyContentHandler.class 9.1.0.2014 DomainPolicyParser.class 9.1.0.2014 DomainPolicyParserTest.class 9.1.0.2014 DomainSettingParser$DomainSettingContentHandler.class 9.1.0.2014 DomainSettingParser.class 9.1.0.2014 DomainSettingParserTest.class 9.1.0.2014 DstServerListAction.class 9.1.0.2014 EuqApprovedSenderAction$1.class 9.1.0.2014 EuqApprovedSenderAction.class 9.1.0.2014 EuqHttpFilter.class 9.1.0.2014 EuqMessagesAction.class 9.1.0.2014 ExpressionAction.class 9.1.0.2014 FileAttributeAction.class 9.1.0.2014 InboundServerParser$InboundServerContentHandler.class 9.1.0.2014 InboundServerParser.class 9.1.0.2014 InterAddrAction.class 9.1.0.2014 InternalHostAction$PageList.class 9.1.0.2014 InternalHostAction.class 9.1.0.2014 JobParser$JobContentHandler.class 9.1.0.2014 JobParser.class 9.1.0.2014 KeywordListsAction.class 9.1.0.2014 LogSettingAction.class 9.1.0.2014 LogSyslogSettingAction.class 9.1.0.2014 LoginAction.class 9.1.0.2014 MTASettingAction$1.class 9.1.0.2014 MTASettingAction$10.class 9.1.0.2014 MTASettingAction$11.class 9.1.0.2014 MTASettingAction$12.class 9.1.0.2014 MTASettingAction$13.class 9.1.0.2014 MTASettingAction$14.class 9.1.0.2014 MTASettingAction$15.class 9.1.0.2014 MTASettingAction$16.class 9.1.0.2014 MTASettingAction$17.class 9.1.0.2014 MTASettingAction$18.class 9.1.0.2014 MTASettingAction$19.class 9.1.0.2014 MTASettingAction$2.class 9.1.0.2014 MTASettingAction$20.class 9.1.0.2014 MTASettingAction$21.class 9.1.0.2014 MTASettingAction$22.class 9.1.0.2014 MTASettingAction$23.class 9.1.0.2014 MTASettingAction$24.class 9.1.0.2014 MTASettingAction$25.class 9.1.0.2014 MTASettingAction$26.class 9.1.0.2014 MTASettingAction$3.class 9.1.0.2014 MTASettingAction$4.class 9.1.0.2014 MTASettingAction$5.class 9.1.0.2014 MTASettingAction$6.class 9.1.0.2014 MTASettingAction$7.class 9.1.0.2014 MTASettingAction$8.class 9.1.0.2014 MTASettingAction$9.class 9.1.0.2014 MTASettingAction.class 9.1.0.2014 MailTrackParser$MailTrackContentHandler.class 9.1.0.2014 MailTrackParser.class 9.1.0.2014 MailTrackParserTest.class 9.1.0.2014 MoveBlockIPAction.class 9.1.0.2014 MtaQueryAction.class 9.1.0.2014 MtaQueryActionTask.class 9.1.0.2014 MtaSummaryAction.class 9.1.0.2014 MtaSummaryActionTask.class 9.1.0.2014 NRSSettingAction.class 9.1.0.2014 OutboundIPParser$OutboundIpContentHandler.class 9.1.0.2014 OutboundIPParser.class 9.1.0.2014 PolicyWSAction.class 9.1.0.2014 PostfixQueueMgmtAction.class 9.1.0.2014 PrefilterErrorParser$PrefilterErrorContentHandler.class 9.1.0.2014 PrefilterErrorParser.class 9.1.0.2014 ProcQueueQueryAction.class 9.1.0.2014 PwdProtectAction.class 9.1.0.2014 QtEditAreaAction.class 9.1.0.2014 QtSettingsAction.class 9.1.0.2014 RcptDeletedParser$RcptDeletedContentHandler.class 9.1.0.2014 RcptDeletedParser.class 9.1.0.2014 RecipientParser$RecipientContentHandler.class 9.1.0.2014 RecipientParser.class 9.1.0.2014 RecipientParserTest.class 9.1.0.2014 RegionAddressParser$RegionAddressContentHandler.class 9.1.0.2014 RegionAddressParser.class 9.1.0.2014 RuleActionNamedObjAction.class 9.1.0.2014 RuleActionNotifyAction.class 9.1.0.2014 RuleActionStampAction.class 9.1.0.2014 RuleActionTagAction.class 9.1.0.2014 RuleAttrAntiSpoofAction.class 9.1.0.2014 RuleAttrCCCAAction.class 9.1.0.2014 RuleAttrDKIMEnforcementAction.class 9.1.0.2014 RuleAttrGraymailAction.class 9.1.0.2014 RuleAttrKeywordAction.class 9.1.0.2014 RuleAttrMIMEAction.class 9.1.0.2014 RuleAttrNameAction.class 9.1.0.2014 RuleAttrSpamAction.class 9.1.0.2014 RuleAttrTimeRangeAction.class 9.1.0.2014 RuleAttrTrueFileAction.class 9.1.0.2014 RuleAttrWrsAction.class 9.1.0.2014 RuleDetailAction.class 9.1.0.2014 RuleListAction.class 9.1.0.2014 SameSiteCheck.xml 9.1.0.2014 ScanModeAction.class 9.1.0.2014 SecViolateAction.class 9.1.0.2014 SelectAddrAction.class 9.1.0.2014 SenderParser$SenderContentHandler.class 9.1.0.2014 SenderParser.class 9.1.0.2014 SenderParserTest.class 9.1.0.2014 SessionFilter.class 9.1.0.2014 SessionKeys.class 9.1.0.2014 SmartProtectionLocalSourceAction$1.class 9.1.0.2014 SmartProtectionLocalSourceAction.class 9.1.0.2014 SmartProtectionScanServiceAction.class 9.1.0.2014 SmartProtectionWRServiceAction.class 9.1.0.2014 SpamSettingAction.class 9.1.0.2014 ThreatSummaryParser$ThreatSummaryContentHandler.class 9.1.0.2014 ThreatSummaryParser.class 9.1.0.2014 ThreatSummaryParserTest.class 9.1.0.2014 TotalTrafficParser$TotalTrafficContentHandler.class 9.1.0.2014 TotalTrafficParser.class 9.1.0.2014 TotalTrafficParserTest.class 9.1.0.2014 UpdateBlockIPAction.class 9.1.0.2014 UpdateWhitelistAction.class 9.1.0.2014 VirusRuleAction.class 9.1.0.2014 VirusSettingAction.class 9.1.0.2014 error_403.jsp 9.1.0.2014 error_404.jsp 9.1.0.2014 imsva_pd_util 9.1.0.2014 liblogin.so 9.1.0.2014 smart_reporter 9.1.0.2014 web.xml 9.1.0.2014 imss6Logs_en.properties 9.1.0.2011 viewers\dtv_pdfcrypto.so 9.1.0.2011 Policy_full.xml 9.1.0.2011 adj.dat 9.1.0.2011 adj.idx 9.1.0.2011 adv.dat 9.1.0.2011 adv.idx 9.1.0.2011 american-name.txt 9.1.0.2011 cme.conf 9.1.0.2011 etyv 9.1.0.2011 libEmExpression.so 9.1.0.2011 libEmSynonym.a 9.1.0.2011 libcme_dll.so 9.1.0.2011 libcme_dll.so.0 9.1.0.2011 libcme_vxe_dll.so 9.1.0.2011 libcme_vxe_dll_static.so 9.1.0.2011 libdlpEngine.so.0 9.1.0.2011 libdtsearch.so 9.1.0.2011 libem_debug.so 9.1.0.2011 libem_helpr.so 9.1.0.2011 libicudata.so.51 9.1.0.2011 libicudata.so.57 9.1.0.2011 libicui18n.so.51 9.1.0.2011 libicui18n.so.57 9.1.0.2011 libicuuc.so.51 9.1.0.2011 libicuuc.so.57 9.1.0.2011 noun.dat 9.1.0.2011 noun.idx 9.1.0.2011 spanish-name.txt 9.1.0.2011 tmpe.pol 9.1.0.2011 tmpeEnum.xml 9.1.0.2011 verb.dat 9.1.0.2011 verb.idx 9.1.0.2011 libtmau.so 9.1.0.2011 aucmd 9.1.0.2011 libImssCrypto.so 9.1.0.2011 libImssDAO.so 9.1.0.2011 rule_attr_keyword_list.jsp 9.1.0.2011 policy_search.jsp 9.1.0.2011 imss7PolicySearch.properties 9.1.0.2011 imss-resources.xml 9.1.0.2011 policy_search_tool_style.css 9.1.0.2011 query_prev.gif 9.1.0.2011 query_next.gif 9.1.0.2011 query.gif 9.1.0.2011 LogoTrendMicro_3d.gif 9.1.0.2011 PolicySearchAction.class 9.1.0.2011 PolicySearchDAO.class 9.1.0.2011 PolicySearchConstants.class 9.1.0.2011 PolicySearchResult.class 9.1.0.2011 imssOLH.properties 9.1.0.2011 en/webhelp/* 9.1.0.2011 libFilterAction.so 9.1.0.2000 imss6Logs.properties 9.1.0.2000 logs_query_sysevent.jsp 9.1.0.2000 SysLogs.class 9.1.0.2000 EuqBE.class 9.1.0.2000 EndUserBE.class 9.1.0.2000 EndUser.class 9.1.0.2000 DigestInlineActionAction.class 9.1.0.2000 EuqViewMessageAction.class 9.1.0.2000 EuqDistributionListAction.class 9.1.0.2000 EUQNtlmHttpFilter.class 9.1.0.2000 LogoffAction.class 9.1.0.2000 libopendmarc.so 9.1.0.1997 apply_special.sh 9.1.0.1997 rule_attr_keyword.jsp 9.1.0.1996 select_addr_group.jsp 9.1.0.1996 wrsagent 9.1.0.1996 libTmIbeCryptoSdk.so 9.1.0.1996 libTmIbeCryptoSdk.so.0 9.1.0.1996 libTmIbeCryptoSdk.so.0.0.0 9.1.0.1996 dtv_pdfcrypto.so 9.1.0.1996 PatchAction.class 9.1.0.1996 libGsoapClient.so 9.1.0.1989 header_checks 9.1.0.1989 smtp_conn_agent 9.1.0.1989 libFilterAntiSpoof.so 9.1.0.1988 CommonParams.class 9.1.0.1988 PrefilterConstants.class 9.1.0.1988 libtmmsg.so 9.1.0.1988 libFilterVirus.so 9.1.0.1988 dtasagent 9.1.0.1988 MsgLogs.class 9.1.0.1988 MsgLogrec.class 9.1.0.1988 ProductRegAction.class 9.1.0.1987 tb_named_obj 9.1.0.1987 kernel-2.6.32-754.23.1.el6.x86_64.rpm 9.1.0.1987 kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm 9.1.0.1987 libPolicyCaller.so 9.1.0.1987 forceUpdate 9.1.0.1987 logtransfer 9.1.0.1983 smtp_tls_outgoing.jsp 9.1.0.1981 imsstasks 9.1.0.1981 imss6Errors.properties 9.1.0.1979 imss6Errors_en.properties 9.1.0.1979 rule_attr_keyword_item.jsp 9.1.0.1979 libImssRule.so 9.1.0.1976 libFilterGraymail.so 9.1.0.1976 BifConnect$1.class 9.1.0.1976 BifConnect.class 9.1.0.1976 BifInfo$1.class 9.1.0.1976 BifInfo.class 9.1.0.1976 LogQueryIpDAO.class 9.1.0.1976 IMSVA8.mib 9.1.0.1976 IMSVA8-V2.mib 9.1.0.1976 libcrc0filter.so 9.1.0.1974 libICRCHdler.so 9.1.0.1974 libICRCPerfLib_Cli.so 9.1.0.1974 localservermgmt 9.1.0.1974 imssdps 9.1.0.1974 predata_gen 9.1.0.1972 libtmprapid.so 9.1.0.1972 libtmprapi.so 9.1.0.1972 libtmpr.so 9.1.0.1972 AdminAccountAction.class 9.1.0.1972 admin_auth.jsp 9.1.0.1972 AdminUser.class 9.1.0.1972 LdapJNI.class 9.1.0.1972 apply_db.sh 9.1.0.1972 SPFPolicyd/dns 9.1.0.1972 SPFPolicyd.py 9.1.0.1972 spf.py 9.1.0.1972 test_spf.py 9.1.0.1972 2. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. - To access the Support Portal, go to http://success.trendmicro.com 3. System Requirements ======================================================================== 1. Trend Micro InterScan Messaging Security Virtual Appliance 9.1 Patch 3 Build 1960 - English - Linux - x64 4. Installation ======================================================================== This section explains key steps for installing the Critical Patch. 4.1 Installing ==================================================================== To install: 1. Log on to the IMSVA management console. 2. Go to "Administration > Updates > System & Applications". 3. Select and upload the Critical Patch package (tar.gz). 4. After a few minutes, check the latest uploaded package information to make sure the management console has successfully uploaded the Critical Patch package to IMSVA. 5. If you have set up a group of IMSVA devices, select the parent device and click "Update". Wait for the parent device to finish updating, and then update all the child devices. 6. Wait for a few minutes and then log on to the IMSVA management console. 7. Go to "Administration > Updates > System & Applications". 8. Verify that the "OS version"/"Application version" values for all items in the "Current status" section match the Critical Patch version. 4.2 Uninstalling ==================================================================== To roll back to the previous build: 1. Log on to the IMSVA management console. 2. Go to "Administration > Updates > System & Applications". 3. Under "Host Name", click the name of the device you want to view. A summary screen appears showing the updates and related log information. 4. To remove an update, click "Rollback". 5. Post-installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ======================================================================== Known issues in this release: #1 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] If Cloud Pre-Filter deletes an email message with no subject, and a user queries that email message on the web console, the logs display "??" in the Subject line. #2 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] Users cannot use the Down-Level Logon Name format (for example: "\DOMAIN\UserName") to create LDAP admin accounts. IMSVA accepts only accounts that contain a User Principal Name (UPN). #3 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] The following issues occur if IMSVA is unable to convert Subject line text to UTF-8. - The logs display garbled text. - IMSVA quarantines the email message and the Subject field displays the message "Unsupported charset non-UTF-8" if a user attempts to view the email message through the web console. NOTE: IMSVA attempts to convert characters to UTF-8 whenever the Subject line: - Does not contain character set information - Contains special characters (such as the copyright symbol) - Contains double-byte characters #4 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] To view the web console using Internet Explorer on computers running Windows 2003, users must first perform the following task. 1. Go to "Tools > Internet Options > Security > Trusted Sites > Sites". 2. Add the IP address of the computer on which IMSVA is installed. 3. Click Close. #5 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA may still scan and quarantine email messages even after a user deploys a policy with the "handoff" action. Email messages may still be quarantined if they trigger scanning exceptions because IMSVA prioritizes exceptions over spam and content filters. #6 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] If time settings (including time zones) are not synchronized across IMSVA servers, certain functions (such as log purge and EUQ sign in with Kerberos) may not work as expected. #7 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] The monitor action "BCC" does not function for the following security settings violations (under "Scanning Exceptions"): * Total message size exceeds * Total # recipients exceeds #8 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA encounters issues when decrypting email messages that were not encrypted using UTF-8. The Subject line in the decrypted email messages may contain either garbled text or a series of question marks. #9 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA cannot perform content filtering on a PDF file if: * Access permission of the file is set to "read only"; and * The file is encrypted using RC4 and the key length is greater than 40 bits. NOTE: IMSVA can still perform an antivirus check on the file. #10 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA does not check for spoofed internal messages if the recipient is an IPv6 address. #11 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] SOCKS4 does not support IPv6. #12 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] The IBE server does not support connections with the IPv6 proxy server. #13 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IP Profiler does not support IPv6. #14 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] Product license management does not support SOCKS connections with the IPv6 proxy server. #15 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA detects C&C email messages based only on the addresses in the message header. #16 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] The IMSVA and Control Manager counters for C&C email messages are not consistent. IMSVA counts all incoming and outgoing messages that trigger the filter, while Control Manager counts only outgoing messages. #17 Known issue: [Reported at: IMSVA 8.5.1 Service Pack 1 B15160] Smart Scan cannot fail over to Conventional Scan while in high availability mode. #18 Known issue: [Reported at: IMSVA 9.0.0 GM B1383] DKIM signing identifies inbound or outbound email messages based on internal addresses, but DKIM signing does not regard LDAP groups as internal addresses. If you set internal addresses using an LDAP group, DKIM signing does not use this LDAP group for identifying inbound email messages. #19 Known issue: [Reported at: IMSVA 9.0.0 GM B1383] When delivering an email message, IMSVA first sends the email message to the destination server with the highest priority. If the destination server returns a "4XX" or "5XX" error after being connected, IMSVA still considers the destination server available and sends the email message to it. #20 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] If the time zone setting on the IMSVA server is different from that on the database server, policy event logs cannot be queried. #21 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] When IMSVA delivers reports through email, users might be unable to access links in the reports if they use Microsoft Office 365 to check email messages. #22 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] On the IMSVA management console, the active navigation menu is highlighted after being clicked. In Internet Explorer 9, the menu highlight color cannot be shown properly. #23 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] IMSVA rewrites URLs in email messages to provide time-of-click protection. If the email messages contain both URLs and Chinese characters in plain text, IMSVA extracts incorrect URLs and rewrites them improperly. #24 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] Each registered Activation Code matches a unique key. If an Activation Code has been registered to the Time-of-Click Protection service, it cannot be changed to another registered Activation Code because the matching key cannot change. #25 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] IMSVA rewrites URLs in email messages to provide time-of-click protection. If users forward or reply to those email messages after the URLs have been rewritten, IMSVA will check the URLs again. In this case, IMSVA is unable to extract the rewritten URLs from plain text, and a return error is recorded in message tracking logs. This error does not affect users. 7. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download Prior Hotfixes ==================================================================== Only this Critical Patch was tested for this release. Prior hotfixes were tested at the time of their release. [Hotfix 2073] Issue 1: After upgrading the TMASE engine, InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 may treat a normal sample as spam. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves a null pointer issue to ensure that normal samples are not treated as spam. [Hotfix 2069] Issue 1: InterScan Messaging Security Virtual Appliance (IMSVA) uses a version of the libxml2 third-party library that is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. Enhancement 1: This Hotfix updates the WRSAGENT API. [Hotfix 2053] Issue 1: Some accounts created from the adminUI may not be able to access the command line interface on protected computers running on CentOS 7. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. Issue 2: An issue prevents IMSVA from matching certain special URLs with the Web Reputation Approved List. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix resolves the issue so IMSVA can match URLs to the Web Reputation Approved List. Issue 3: Postfix may stop delivering email messages to the scanner for a certain period of time after a pattern update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Hotfix resolves the issue. Issue 4: Sensitive words are used in the DKIM UI. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Hotfix resolves the issue. Issue 5: TLS certificates may become corrupted after users close the detail page of certificates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This Hotfix resolves the issue. Issue 6: IMSVA may not trust some valid certificates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This Hotfix ensures that IMSVA can correctly recognize trusted certificates. Enhancement 1: This Hotfix adds a feature that enables IMSVA to send audit logs to the syslog server. [Hotfix 2040] Issue 1: An issue prevents InterScan Messaging Security Virtual Appliance (IMSVA) from correctly matching certain special URLs to the Web Reputation Approved List. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. Issue 2: The polevt.imss.xxx log cannot record attachments when there are more than 10 attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix resolves the issue. Issue 3: An extra white space in the global setting prevents users from accessing the End User Quarantine (EUQ) page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Hotfix removes the extra white space from the global setting. Issue 4: A large number of temp files fill up the inode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Hotfix updates the ActiveUpdate (AU) module to resolve this issue. Enhancement 1: By design, IMSVA sends all content logs to Trend Micro Apex Central(TM). This hotfix provides an option to allow IMSVA to send only the content logs for the "Delete entire message", "Delete attachment", and "Quarantine" action. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: 1. Install this Hotfix (see "Installation"). 2. Connect to the IMSVA database by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 3. Run the following SQL statement in a single line. insert into tb_global_setting values('cmagent','ContentLogOnlySendQtOrDel','yes' ,' imss.ini'); 4. Log off from the database server by running the following command: \q 5. Restart the cmagent service using the following command: /opt/trend/imss/script/S99CMAGENT restart Enhancement 2: This Hotfix provides an option to allow users to replace flagged URLs with customized text. [Hotfix 2036] Issue 1: InterScan Messaging Security Virtual Appliance (IMSVA) may not able to flush some email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix ensures that IMSVA can flush email messages normally. Issue 2: IMSVA may not able to clean expired logs when DMARC report is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix ensures that IMSVA can clean expired logs normally when DMARC report is enabled. Issue 3: The SPF in DMARC checks may send a notification when it detects a macro %{h} in the SPFrecord. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Hotfix resolves this issue. Issue 4: Certain messages may trigger a coredump issue in the opendmarc process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Hotfix resolves this issue. Issue 5: Users with read-only privileges can edit the policy action which triggers a 403 error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This Hotfix ensures that only users with the required permissions can edit the policy action. Issue 6: When users configure the IMSVA firewall to allow a third party tool to connect to the IMSVA database but it is not connected through the "Internal Communication Port", the IMSVA manager may restart repeatedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This Hotfix resolves this issue. Issue 7: Kerberos login fails under certain LDAP settings. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This Hotfix resolves the issue. Issue 8: Users cannot add email addresses that contain an underscore to the policy rule. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This Hotfix resolves this issue. [Critical Patch 2034] Issue 1: The ATSE/VSAPI engines cannot handle certain CHM files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Critical Patch upgrades the ATSE/VSAPI engines to resolve this issue. [Hotfix 2032] Issue 1: InterScan Messaging Security Virtual Appliance (IMSVA) may replace the certificate of the End User Quarantine (EUQ) service. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. Issue 2: A user requests to update some Operating System bundled modules. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix upgrades these modules. Issue 3: The root partition may be used up when there is high network traffic. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Hotfix moves the maillog from the root partition to the data partition to free up some space in the root partition. Issue 4: Some mail transfer agents (MTA) may reject email messages with line lengths exceeding "998". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Hotfix sets "smtp_line_length_limit=998" to keep line lengths manageable. Issue 5: Some PDF files causes the imssd process to run out of memory. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This Hotfix resolves the issue. [Hotfix 2031] Issue 1: Some internal issues have been found in InterScan Messaging Security Virtual Appliance (IMSVA). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the internal issues. [Hotfix 2030] Issue 1: Some DMARC event logs are not imported into the database successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. Issue 2: The scanner process stops unexpectedly while installing a hotfix. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix resolves the issue. Issue 3: An issue prevents the TMASE engine from rewriting certain URLs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Hotfix updates the TMASE engine to resolve the issue. [Hotfix 2029] Issue 1: Sensitive words were used in the IMSVA web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix replaces sensitive words on the IMSVA web console. [Hotfix 2025] Issue 1: Users cannot set the "Non-existing recipients exceeds" value of the DHA Attack rule to "0". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix allows users to set the DHA Attack rule "Non-existing recipients exceeds" value to "0". Issue 2: There is an issue with the default value of "smtp_line_length_limit". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix sets "smtp_line_length_limit=1000". Issue 3: The Active Update (AU) module is affected by a vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Hotfix updates the AU module to resolve the vulnerability. Enhancement 1: This Hotfix allows users to configure InterScan Messaging Security Virtual Appliance (IMSVA) to send BCC email messages in a new session. Enhancement 2: This Hotfix enables IMSVA to support synchronizing custom attributes as email addresses. [Hotfix 2021] Issue 1: When InterScan Messaging Security Virtual Appliance (IMSVA) imports information from the database into a file, some IP addresses may not appear in the approved list of the Email Reputation Service (ERS). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix helps ensure that all required and relevant information is imported correctly. Issue 2: An issue prevents the IMSVA true file type policy from detecting "LHA" and "LZH" files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves the issue. Issue 3: IMSVA scanner does not work when there are no matching policies and the "Suspicious URL list" is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the issue. Issue 4: Sensitive words were used in the IMSVA web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix replaces sensitive words on the IMSVA web console. Issue 5: Inaccurate logs display on the IMSVA web console when users click the back button on the browser. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix resolves the issue. Issue 6: The message tracing feature may stop unexpectedly due to an exception. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix improves the stability of the message tracing module to resolve this issue. Issue 7: The IMSVA program is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix updates the Java(TM), Apache(TM), and Tomcat(TM) modules to resolve the vulnerability. Enhancement 1: This hotfix enables users to configure IMSVA to notify administrators by email message or SNMP trap if there is insufficient free space on the root partition. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable the notification for insufficient free space in the root partition: 1. Install this hotfix (see "Installtion"). 2. Ensure that the "Delivery Settings" in the "Administration > Notifications > Delivery Settings" page have been configured, otherwise, IMSVA will not be able to notify administrators. 3. Connect to the database by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 4. Add the following hidden keys in the database by running the following commands in order: 4.1 To configure notification by email message, run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartitionEmail', 'yes', 'imss.ini', NULL); 4.2 To configure notification by SNMP trap, run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartitionSNMP', 'yes', 'imss.ini', NULL); 4.3 To configure the notification threshold for root partition size, for example, to set it to 1024 MB (Default), run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartitionSize', '1024', 'imss.ini', NULL); 4.4 To configure the email subject, run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartition_Subject', 'Free disk space (%FREESPACE%) of root partition %FOLDERPATH% on scanner(%HOSTNAME%) is below threshold.', 'imss.ini', NULL) NOTE: This is optional, if not configured, IMSVA will use the data partition notification template in the "Administration > Notifications" page. Click "Data partition free space on any host is less than" to edit and use the "%FOLDERPATH%" variable to replace the hardcoded partition name. 4.5 To configure the email message, run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartition_Message', 'Free disk space (%FREESPACE%) of root partition %FOLDERPATH% on scanner(%HOSTNAME%) is below threshold.', 'imss.ini', NULL); NOTE: This is optional. 4.6 To configure the SNMP message, run: INSERT INTO tb_global_setting VALUES ('General-Notification','FreeRootPartition_SNMPMes sage', 'Free disk space (%FREESPACE%) of root partition %FOLDERPATH% on scanner(%HOSTNAME%) is below threshold.','imss.ini', NULL); NOTE: This is optional. 5. Close the database connection using the following command: \q 6. Restart the monitor service using the following command. /opt/trend/imss/script/S99MANAGER restart To disable the notification for insufficient free space in the root partition: 1. Connect to the database by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 2. Update the hidden keys in the database by running the following commands: 2.1 Disable the email notifications by running the following command. update tb_global_setting SET value = 'no' where section = 'General-Notification' AND name = 'FreeRootPartitionEmail'; 2.2 Disable the SNMP trap notifications by running the following command. update tb_global_setting SET value = 'no' where section = 'General-Notification' AND name = 'FreeRootPartitionSNMP'; 3. Close the database connection using the following command: \q 4. Restart the monitor service by running the following command. /opt/trend/imss/script/S99MANAGER restart [Hotfix 2014] Issue 1: Under certain conditions, InterScan Messaging Security Virtual Appliance (IMSVA) inserts inaccurate dmarc check result in the email header. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that IMSVA inserts the correct information to email headers. Issue 2: Some valid DKIM signed email messages are tagged as failed verification by mistake. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves this issue. Issue 3: The IMSVA program is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the vulnerability. Issue 4: When there are too many files to be sent to Trend Micro Deep Discovery Analyzer, the IMSVA cache for virtual analyzer fills up which may cause analysis to take too long. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix improves the cache query speed to resolve the issue. Issue 5: There are extra spaces in the DKIM signature DNS Record in the web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix removes the extra spaces from the DKIM signature DNS record. Enhancement 1: This hotfix enables users to specify a DNS for anti-spam engine use only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To set a DNS for anti-spam engine use only: 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.inis" using a text editor. 3. Locate or add the "[in-the-cloud]" section and add the following value: [in-the-cloud] dns_for_tmase=ww.xx.yy.zz (specific DNS server, accepts only one DNS server) 4. Save the changes and close the file. 5. Restart the scanner using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 2: This hotfix disables port 8009 for external devices. [Hotfix 2011] Issue 1: Some long URLs may become unavailable after InterScan Messaging Security Virtual Appliance (IMSVA) re-writes them. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue by ensuring that IMSVA rewrites long URLs correctly. Issue 2: An issue prevents the "Header keyword expressions" filter in IMSVA from matching certain types of S/MIME email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that the "Header keyword expressions" filter works normally. Issue 3: An exception error appears when IMSVA attempts to display a quarantined message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that IMSVA can query quarantined messages correctly. Issue 4: The OpenSSH module in IMSVA is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix updates the OpenSSH module to resolve the vulnerability. Issue 5: An issue prevents users from querying the status of a Log Query and receiving the delivery feedback. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix enables the "Message Tracking" page of the IMSVA web console to display the delivery status of the handoff action. Issue 6: Credit card information in email messages cannot be matched. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix updates the eManager(TM) module to resolve this issue. Issue 7: ActiveUpdate (AU) may not work when the Legion Object Identifier (LOID) exceeds 2 GB. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix upgrades "libtmau.so" to resolve this issue. Enhancement 1: This hotfix enables IMSVA to support Trend Micro Email Security (TMEMS) migration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable IMSVA to support TMEMS migration: 1. Install this hotfix (see "Installation"). 2. Insert one record into the IMSVA database by running the following SQL statements: insert into tb_global_setting (section, name, value, inifile) values ('imp_exp', 'enable_ems_migrate', '1', 'imss.ini'); Enhancement 2: This hotfix merges the policy search tool for InterScan Messaging Security Suite (IMSS) 9.1 with IMSVA 9.1. [Hotfix 2000] Issue 1: Additional End User Quarantine (EUQ) Log Action Details are needed in logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix enables EUQ to generate logs when end users take action. Issue 2: The tagged subject information does not appear in policy event and message tracking logs when there is no subject field in the original email header. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates "libFilterAction.so" to ensure that the tagged subject information appears in policy event and message tracking logs. add a hidden key to control this behavior as follows: insert into tb_global_setting (section, name, value, inifile) values ('MessageModule', 'LoggingTaggedBlankSubject', 'yes', 'imss.ini'); Issue 3: A typo which should be split rather than splitted in imssd log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix corrects the typo to resolve this issue. [Hotfix 1997] Issue 1: Sometimes, intended users do not to receive End User Quarantine (EUQ) digests. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updated euqutil function to ensure that all intended users receive EUQ digests. Issue 2: The eManager(TM) component encounters a memory leak issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix enables InterScan Messaging Security Virtual Appliance (IMSVA) to set "error_code=0" before calling the eManager API to prevent the memory leak issue. Issue 3: The SPF record checking results in DMARC will appear as "failed" when it encounters an SPF record that includes macros. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix updates "libopendmarc.so" to resolve this issue. Issue 4: Sometimes, IMSVA sends out notification that the MsgTracing function has stopped unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix enables IMSVA to reserve certain local ports to resolve this issue. [Hotfix 1996] Issue 1: There are several improvements to the record sorting mechanism in widgets. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix adds a common string ascending or descending comparison algorithm for sorting records in widgets which can be activated using the new "Sort" button on the list box. Issue 2: If users repeatedly add and delete keywords and expressions without saving the changes, the case-sensitivity setting may not work during keyword and expression matching. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates the caseSensitiveItems setting for mapped IDs to resolve the issue. Issue 3: There are several improvements to Web Reputation Service (WRS) logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix updates the WRS Score Result log level from "NORMAL" to "DIAGNOSTIC" to reduce the number of logs. Issue 4: Encrypted email messages trigger scanning exceptions for all outbound secure messages and are quarantined. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix upgrades the cryptoSDK module to resolve this issue. Issue 5: An out of memory issue occurs and the imssd process stops on IMSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix upgrades the eManager module to resolve this issue. Issue 6: Email is not quarantined when email encryption fails and the recipient can still retrieve the email that has not been encrypted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix resolves this issue. Issue 7: The imsva_91_en.criticalpatch1993.tar.gz critical patch cannot be applied to the parent IMSVA device. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix repacks the critical patch as imsva-91-en.criticalpatch-B1993-r1.tar.gz to resolve this issue. [Hotfix 1989] Issue 1: The view of message header only shows up to 2 KB on the Mail Areas & Queues Management in the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix allows users to configure the maximum length of message header shown on the Mail Areas & Queues Management within a range between 2048 and 10240. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To show up to 10240 bytes (10 KB) of the message header: 1. Install this hotfix (see "Installation"). 2. Connect to the IMSVA database by running the following command. /opt/trend/imss/PostgreSQL/bin/psql imss sa 3. Insert the new row for MsgHeaderMaxLimit into the table tb_global_setting by running the SQL command one line by one line. INSERT INTO tb_global_setting VALUES ('general','MsgHeaderMaxLimit','10240','imss.ini','' ); 4. Quit the psql program by running the following command. \q 5. Restart the Manager service by running the following command. /opt/trend/imss/script/S99MANAGER restart Issue 2: The handoff message does not display and the "unknown mail transport error" message appears instead when the hostname for the handoff host is too long. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates the corresponding regular expression in the header_checks file to ensure that the handoff message displays normally when the handoff host hostname is long. Issue 3: The non-default Active Update settings support https protocol. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix updates the "libtmau.so" to resolve this issue. Enhancement 1: This hotfix provides a way to apply SMTP throttling to specific senders only. [Hotfix 1988] Issue 1: InterScan Messaging Security Virtual Appliance (IMSVA) sends Web Reputation Services (WRS) queries without the product GUID. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix adds the product GUID information in WRS queries. Issue 2: An issue prevents IMSVA from detecting spoof email messages that contain a double at sign "@@" in the sender domain. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates "libFilterAntiSpoof.so" to resolve this issue. Issue 3: The blocked domain list supports only up to 5000 entries. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix allows users to set the maximum supported entries for the blocked domain list on CPF. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To apply the changes: 1. Install this hotfix (see "Installation"). 2. Insert a record into the IMSVA database by running the following SQL statement: insert into tb_global_setting (section, name, value, inifile) values ('pre-filter', 'approved_sender_list_limit', '5000', 'imss.ini'); insert into tb_global_setting (section, name, value, inifile) values ('pre-filter', 'blocked_sender_list_limit', '5000', 'imss.ini'); 3. Run the following command in the IMSS backend: /opt/trend/imss/script/S99ADMINUI restart Issue 4: An issue prevents IMSVA from inserting stamps in text/plain entities on specific messages from any iOS platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix upgrades the third-party TmMsg module to resolve this issue. Issue 5: The "TaskTimeout" setting for smart_scan remains at 1500 (ms) after the value of "query_timeout_ms" has been updated to 3500 (ms). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix updates "libFilterVirus.so" to resolve the issue. Issue 6: Trend Micro Deep Discovery Analyzer returns a server error when it receives a URL sample that contains square brackets in the domain part from other Trend Micro products. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix updates some internal modules to fix this issue. Enhancement 1: This hotfix provides a way to export the TLS status from message tracking reports. [Hotfix 1987] Issue 1: A case-sensitivity issue related to the DFA table prevents the eManager(TM) 7.5 module from matching file names properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updates the eManager module to resolve this issue. Issue 2: There are proposed Active Update (AU) security enhancements for Trend Micro Deep Discovery Email Inspector in InterScan Messaging Security Virtual Appliance (IMSVA). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix applies these enhancements to IMSVA. Issue 3: The IMSVA services restart even when the expiration date has not been renewed manually online. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves this issue. Issue 4: Users encounter a "Fail to Create Scan Option for eManager" error when creating a policy with keywords or expressions that contain "人種差別". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix ensures that users can create policies normally. Issue 5: IMSVA is affected by a potential Spectre SWAPGS gadget vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix upgrades the Linux kernel to remove the vulnerability. Issue 6: An issue related to the Archive Area size calculation triggers IMSVA to send out notifications. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix increases the sub-folder calculation count from 4 to 16 to help prevent the issue. Issue 7: The Data Loss Prevention(TM) (DLP) policy blocks certain attachments incorrectly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix updates the eManager module to resolve this issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To apply the changes: 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Add the following key under the "general" section and set it to "no": [general] KeepOriginTypeForEncryptedFile=no 4. Save the changes and close the file. 5. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart [Hotfix 1984] Issue 1: dtasagent may send a large number of unnecessary error notifications to administrators. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue. [Hotfix 1983] Issue 1: The syslog output is sent to the terminal console when InterScan Messaging Security Virtual Appliance (IMSVA) cannot connect to the syslog server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix prevents IMSVA from sending the syslog output to the terminal console when it cannot connect to the syslog server. [Hotfix 1981] Issue 1: The "Administration > Transport Layer Security > Messages Exiting IMSVA" settings are not exported after users click the "Export" button at the bottom of the page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that the settings can be exported normally by clicking on the "Export" button at the bottom of the page. Issue 2: On rare instances, the imssd process may not be able to start after an Active Update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix adds a new exclusive lock to ensure that imssd can start successfully after an Active Update. Issue 3: Some temporary files remain in the "/tmp" folder. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix removes the unused temporary files from the "/tmp" folder. Issue 4: DMARC reports from InterScan Messaging Security Virtual Appliance (IMSVA) may contain invalid domain selectors. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix resolves the issue. Issue 5: Email messages with invalid message-id's cannot be sent to Virtual Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix ensures that these email messages can be sent to Virtual Analyzer successfully. Issue 6: There is a minor bug in "marco wave" enhancement ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix resolves the issue. Enhancement 1: This hotfix enables IMSVA to send out notifications using the first anti-virus or Web Reputation Service (WRS) policy notification when triggered by suspicious objects (SO) and the SO-URL policy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable the notification 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Add the following key under the "policy_server" section and set its value to "true". [policy_server] EnableSORuleNotifyAction=true 4. Save the changes and close the file. 5. Restart the scanner service using the following command: /opt/trend/imss/script/S99POLICY restart [Hotfix 1979] Issue 1: The InterScan Messaging Security Virtual Appliance (IMSVA) content filter may encounter performance issues when using certain kinds of expressions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix upgrades the eManager(TM) module to the latest version to prevent the performance issues. Issue 2: Expressions may be saved with an unnecessary ".*" at the beginning or at the end which may impact IMSVA performance. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix enables IMSVA to automatically remove ".*" from the beginning or end of old expressions before scanning and to remind users to remove the ".*" at the beginning or at the end of an expression when saving it. Issue 3: The "bounce_queue_lifetime" key is set to "0" by default which may not be suitable under certain scenarios. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix changes the default value of "bounce_queue_lifetime" to "1d". Issue 4: The IMSVA program is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix resolves the vulnerability. Enhancement 1: This hotfix allows users to configure the allowed maximum DFA node number and maximum regex match times to prevent performance issues. This hotfix also enables IMSVA to display the DFA node number of a configured policy and to generate logs if the DFA exceeds the configured maximum number in "contentFilterMaxDFANodeLimit" or when match times exceed the configured number of times in "contentFilterMaxRegMatchLimit". Enhancement 2: This hotfix improves the End User Quarantine (EUQ) digests performance enhancing ldapcache and changing euqutil to multi-threads. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To set a number of threads for each EUQ database in the Digest process: 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Add the following key under the "general" section and set it to the maximum number of threads. Trend Micro recommends setting it to "10". [general] DigestThrdNumPerEUQDB=10 4. Save the changes and close the file. [Hotfix 1976] Issue 1: Under certain special network conditions, the End User Quarantine (EUQ) console displays an exception error while refreshing 20 minutes after users log in. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue. Issue 2: "Virtual Analyzer Settings" and "DKIM Signature Event" notifications display the wrong SNMP trap IDs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix defines new SNMP trap IDs for these two event notifications. Issue 3: URLs in the web reputation approved list are still rewritten because the approved list is case-sensitive. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix makes the list case-insensitive. Issue 4: The imsscmagent service may encounter high CPU usage issues. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix prevents the issue. Issue 5: Sender Filtering logs incorrectly indicate that DMARC connections are "dropped". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix ensures that the DMARC connection status is correct. Enhancement 1: Macrowave can detect first-wave malware. This hotfix enables InterScan Messaging Security Virtual Appliance (IMSVA) to detect unknown malware in an email attachment based on machine learning technology. This technology is integrated with the IMSVA anti-spam policy and is enabled by default. Enhancement 2: Sometimes, when users modify a bookmark in a different operating system, the line endings will be different which prevents IMSVA from recognizing the bookmark. This hotfix enables IMSVA to recognize modified bookmarks. [Hotfix 1974] Issue 1: The InterScan Messaging Suite Virtual Appliance (IMSVA) scanner may stop unexpectedly when the "Smart Scan" is enabled and "Pattern update" is disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updates the Smart Scan module to resolve the issue. Issue 2: If the local server management module cannot access the database during initialization, it will not be able to work normally even after the database is back to normal. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that the local server management feature works normally once the database is back to normal. Issue 3: If the IMSVA product license has expired but is still within the renewal grace period, Trend Micro Control Manager(TM) will not be able to deploy components like pattern files and search engines to IMSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the issue. Issue 4: The IMSVA queue monitor thread may calculate the archive and quarantine sizes incorrectly and will be triggered to notify the administrator that the queue is almost full. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix ensures that IMSVA calculates the queue size correctly. Issue 5: The message tracing module may not be able to parse the maillog under certain conditions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix ensures that the message tracing module can parse the maillog correctly. Issue 6: The IMSVA delivery service may not be able to start if it takes a long time to connect to the database and eventually fail to connect to the database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix enables the manager service to attempt to start the delivery service repeatedly until the service starts successfully. Issue 7: The "Header keyword expressions" filter may not be able to detect some certain types of email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix ensures IMSVA can detect email messages normally. [Hotfix 1972] Issue 1: Some information may be missing from InterScan Messaging Security Virtual Appliance (IMSVA) reports because the information is missing from the database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that all required information is properly saved in the database so that IMSVA reports contain complete and accurate information. Issue 2: IMSVA uses the wrong SNMP Trap message ID for "Switched to Conventional Scan". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix corrects the "Switched to Conventional Scan" SNMP trap ID. Issue 3: The "X-TM-AS-GCONF" email header displays incorrect information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that the "X-TM-AS-GCONF" email header displays the correct information. Issue 4: An issue prevents the Product Registration (PR) module from validating product Activation Codes (AC) correctly during Daylight Saving Time (DST). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix upgrades the PR module to ensure that it can validate ACs correctly during DST. Issue 5: Users cannot create admin accounts using LDAP authentication when they have previously accessed the "Administration > End-User Quarantine" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix resolves the issue so users can create admin accounts using LDAP authentication without issues. Issue 6: Some temporary files under the "/tmp/" folder are not purged automatically. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix ensures that IMSVA purges temporary files under the "/tmp/" regularly. Issue 7: wrsagent does not work if the hostname exceeds 32 bytes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix ensures that wrsagent can handle hostnames that exceed 32 bytes. Issue 8: Users cannot create an admin account using Sun iPlanet LDAP authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This hotfix ensures that users can create admin accounts using Sun iPlanet LDAP authentication. Issue 9: imssd may stop working while scanning certain email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This hotfix ensures that imssd can scan email messages normally. Issue 10: IMSVA may submit a URL sample to Trend Micro Deep Discovery Analyzer when the URL is very long or when all the URLs are in cache but the Deep Discovery Analyzer report is not ready. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This hotfix ensures IMSVA submits the correct URL samples to Deep Discovery Analyzer for analysis. Issue 11: The IMSVA "Password protected zip files (unscannable files)" policy does not work if it scans an email after receiving the Virtual Analyzer reports. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This hotfix ensures that the policy works normally. Issue 12: An error message is added into the IMSVA database log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This hotfix resolves the error. Issue 13: Sometimes, the Sender Policy Framework (SPF) approved list in IMSVA does not work. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This hotfix ensures that the SPF approved list works normally. Enhancement 1: This hotfix enables SPF to support EDNS. Enhancement 2: Previously, IMSVA does not treat adding an X-header to an email message as modifying the email and does not split the email. This hotfix provides to configure IMSVA to treat this event as email modification. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To configure IMSVA to treat adding an X-header to an email message as email modification: 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Add the following key under the "general" section and set its value to "yes": [general] InsertXHeaderTagIfModifyMsgBody=yes 4. Save the changes and close the file. 5. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart 8. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. https://www.trendmicro.com/en_us/contact.html NOTE: This information is subject to change without notice. 9. About Trend Micro ======================================================================== Smart, simple, security that fits. As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2021, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners. 10. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide