<> Trend Micro Incorporated September 29th, 2020 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan Messaging Security Virtual Appliance 9.1 - Patch 3 English - Linux - 64 Bits Critical Patch - Build 2025 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents ================================================================ 1. Critical Patch Release Information 1.1 Resolved Known Issues 1.2 Enhancements 1.3 Files Included in This Release 2. Documentation Set 3. System Requirements 4. Installation 4.1 Installing 4.2 Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 8. Contact Information 9. About Trend Micro 10. License Agreement ================================================================ 1. Critical Patch Release Information ======================================================================== 1.1 Resolved Known Issues ==================================================================== This Critical Patch resolves the following issue(s): Issue 1: The InterScan Messaging Security Virtual Appliance (IMSVA) program is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Critical Patch updates IMSVA to resolve the vulnerability. 1.2 Enhancements ==================================================================== There are no enhancements for this Critical Patch release. 1.3 Files Included in This Release ==================================================================== A. Files for Current Issue ------------------------------------------------------------ Filename Build No. --------------------------------------------------------- imssd 9.1.0.2025 libFilterSpsTmase.so 9.1.0.2025 imp_exp 9.1.0.2025 Files for Issue 1 --------------------------------------------------------- ip_settings_dha.jsp 9.1.0.2025 imss/lib/libtmactupdate.so 9.1.0.2025 imss/lib/libpatch.so 9.1.0.2025 imss/lib/liblwtpciu32.so 9.1.0.2025 imss/lib/libciuas32.so 9.1.0.2025 imss/lib/expapply.so 9.1.0.2025 imss/lib/cert5.db 9.1.0.2025 imss/lib/AuPatch 9.1.0.2025 imss/lib/aumsg.0 9.1.0.2025 imss/lib/aumsg.932 9.1.0.2025 imss/lib/aumsg.936 9.1.0.2025 imss/lib/aumsg.949 9.1.0.2025 imss/lib/aumsg.950 9.1.0.2025 bin/imssd 9.1.0.2025 lib/libFilterAction.so 9.1.0.2025 LdapCacheSync$1.class 9.1.0.2025 LdapCacheSync.class 9.1.0.2025 EmailSync.class 9.1.0.2025 UI/adminUI/ROOT/error_404.jsp 9.1.0.2025 UI/adminUI/ROOT/WEB-INF/web.xml 9.1.0.2025 UI/euqUI/ROOT/error_404.jsp 9.1.0.2025 UI/euqUI/ROOT/WEB-INF/web.xml 9.1.0.2025 UI/apache/ 9.1.0.2025 UI/javaJRE/ 9.1.0.2025 UI/tomcat/ 9.1.0.2025 euqutil 9.1.0.2025 MsgTracing-0.2-py2.7.egg 9.1.0.2025 MsgTracing-0.2-py2.7.egg-info 9.1.0.2025 QtQueryAction.class 9.1.0.2025 DKIMWhiteListSettingAction.class 9.1.0.2025 UI/adminUI/ROOT/help/en/webhelp/ 9.1.0.2025 imssmgr 9.1.0.2025 imssps 9.1.0.2025 foxdns 9.1.0.2025 libImssCommon.so 9.1.0.2025 libFilterEmgrPlugin.so 9.1.0.2025 imss6Policy_en.properties 9.1.0.2025 imss6Policy.properties 9.1.0.2025 opendmarc 9.1.0.2025 sys_dkim_sign_show_DNSRecord.jsp 9.1.0.2025 libFilterSpsTmase.so 9.1.0.2025 AccountParser$AccountContentHandler.class 9.1.0.2025 AccountParser.class 9.1.0.2025 AccountParserTest.class 9.1.0.2025 AddBlockIPAction.class 9.1.0.2025 ddDomainAction.class 9.1.0.2025 AddRuleAction.class 9.1.0.2025 ddSenderAction.class 9.1.0.2025 AddWhiteIPAction.class 9.1.0.2025 AddrGroupAction.class 9.1.0.2025 AdminDAO.class 9.1.0.2025 AdminDBAction$1.class 9.1.0.2025 AdminDBAction.class 9.1.0.2025 BackupAction$1.class 9.1.0.2025 BackupAction$ConfigFileNameFilter.class 9.1.0.2025 BackupAction.class 9.1.0.2025 BatchParser$BatchContentHandler.class 9.1.0.2025 BatchParser.class 9.1.0.2025 BouncedSettingAction.class 9.1.0.2025 BundleParser$BundleContentHandler.class 9.1.0.2025 BundleParser.class 9.1.0.2025 ComplianceLogParser.class 9.1.0.2025 ComplianceTemplateInterface.class 9.1.0.2025 ComplianceTemplateWSAction.class 9.1.0.2025 ComplianceTemplatesAction$EntityComparator.class 9.1.0.2025 ComplianceTemplatesAction.class 9.1.0.2025 ConditionAction.class 9.1.0.2025 ConnBasicAction.class 9.1.0.2025 ConnChildIPAction.class 9.1.0.2025 ConnLDAPAction$1.class 9.1.0.2025 ConnLDAPAction.class 9.1.0.2025 ConnNTPAction.class 9.1.0.2025 ConnSettingAction.class 9.1.0.2025 ConnTMCMAction.class 9.1.0.2025 DDAServerMgmtAction.class 9.1.0.2025 DDASettingAction$1.class 9.1.0.2025 DDASettingAction.class 9.1.0.2025 DHASettingAction.class 9.1.0.2025 DKIMWhiteListSettingAction.class 9.1.0.2025 DLPExpressionInterface.class 9.1.0.2025 DLPFileAttributeInterface.class 9.1.0.2025 DLPKeywordInterface.class 9.1.0.2025 DMARCSettingAction.class 9.1.0.2025 DataIdentifierWSAction.class 9.1.0.2025 DelBlockIPAction.class 9.1.0.2025 DelWhiteIPAction.class 9.1.0.2025 DeployAPIKeyAction.class 9.1.0.2025 DkimSignAction$1.class 9.1.0.2025 DkimSignAction$LogLevel.class 9.1.0.2025 DkimSignAction.class 9.1.0.2025 DomainListAction.class 9.1.0.2025 DomainParser$DomainContentHandler.class 9.1.0.2025 DomainParser.class 9.1.0.2025 DomainParserTest.class 9.1.0.2025 DomainPolicyParser$DomainPolicyContentHandler.class 9.1.0.2025 DomainPolicyParser.class 9.1.0.2025 DomainPolicyParserTest.class 9.1.0.2025 DomainSettingParser$DomainSettingContentHandler.class 9.1.0.2025 DomainSettingParser.class 9.1.0.2025 DomainSettingParserTest.class 9.1.0.2025 DstServerListAction.class 9.1.0.2025 EuqApprovedSenderAction$1.class 9.1.0.2025 EuqApprovedSenderAction.class 9.1.0.2025 EuqHttpFilter.class 9.1.0.2025 EuqMessagesAction.class 9.1.0.2025 ExpressionAction.class 9.1.0.2025 FileAttributeAction.class 9.1.0.2025 ImssCsrfRequestMatcher.class 9.1.0.2025 InboundServerParser$InboundServerContentHandler.class 9.1.0.2025 InboundServerParser.class 9.1.0.2025 InterAddrAction.class 9.1.0.2025 InternalHostAction$PageList.class 9.1.0.2025 InternalHostAction.class 9.1.0.2025 JobParser$JobContentHandler.class 9.1.0.2025 JobParser.class 9.1.0.2025 KeywordListsAction.class 9.1.0.2025 LogSettingAction.class 9.1.0.2025 LogSyslogSettingAction.class 9.1.0.2025 LoginAction.class 9.1.0.2025 MTASettingAction$1.class 9.1.0.2025 MTASettingAction$10.class 9.1.0.2025 MTASettingAction$11.class 9.1.0.2025 MTASettingAction$12.class 9.1.0.2025 MTASettingAction$13.class 9.1.0.2025 MTASettingAction$14.class 9.1.0.2025 MTASettingAction$15.class 9.1.0.2025 MTASettingAction$16.class 9.1.0.2025 MTASettingAction$17.class 9.1.0.2025 MTASettingAction$18.class 9.1.0.2025 MTASettingAction$19.class 9.1.0.2025 MTASettingAction$2.class 9.1.0.2025 MTASettingAction$20.class 9.1.0.2025 MTASettingAction$21.class 9.1.0.2025 MTASettingAction$22.class 9.1.0.2025 MTASettingAction$23.class 9.1.0.2025 MTASettingAction$24.class 9.1.0.2025 MTASettingAction$25.class 9.1.0.2025 MTASettingAction$26.class 9.1.0.2025 MTASettingAction$3.class 9.1.0.2025 MTASettingAction$4.class 9.1.0.2025 MTASettingAction$5.class 9.1.0.2025 MTASettingAction$6.class 9.1.0.2025 MTASettingAction$7.class 9.1.0.2025 MTASettingAction$8.class 9.1.0.2025 MTASettingAction$9.class 9.1.0.2025 MTASettingAction.class 9.1.0.2025 MailTrackParser$MailTrackContentHandler.class 9.1.0.2025 MailTrackParser.class 9.1.0.2025 MailTrackParserTest.class 9.1.0.2025 MoveBlockIPAction.class 9.1.0.2025 MtaQueryAction.class 9.1.0.2025 MtaQueryActionTask.class 9.1.0.2025 MtaSummaryAction.class 9.1.0.2025 MtaSummaryActionTask.class 9.1.0.2025 NRSSettingAction.class 9.1.0.2025 OutboundIPParser$OutboundIpContentHandler.class 9.1.0.2025 OutboundIPParser.class 9.1.0.2025 PolicyWSAction.class 9.1.0.2025 PostfixQueueMgmtAction.class 9.1.0.2025 PrefilterErrorParser$PrefilterErrorContentHandler.class 9.1.0.2025 PrefilterErrorParser.class 9.1.0.2025 ProcQueueQueryAction.class 9.1.0.2025 PwdProtectAction.class 9.1.0.2025 QtEditAreaAction.class 9.1.0.2025 QtQueryAction.class 9.1.0.2025 QtSettingsAction.class 9.1.0.2025 RcptDeletedParser$RcptDeletedContentHandler.class 9.1.0.2025 RcptDeletedParser.class 9.1.0.2025 RecipientParser$RecipientContentHandler.class 9.1.0.2025 RecipientParser.class 9.1.0.2025 RecipientParserTest.class 9.1.0.2025 RegionAddressParser$RegionAddressContentHandler.class 9.1.0.2025 RegionAddressParser.class 9.1.0.2025 RuleActionNamedObjAction.class 9.1.0.2025 RuleActionNotifyAction.class 9.1.0.2025 RuleActionStampAction.class 9.1.0.2025 RuleActionTagAction.class 9.1.0.2025 RuleAttrAntiSpoofAction.class 9.1.0.2025 RuleAttrCCCAAction.class 9.1.0.2025 RuleAttrDKIMEnforcementAction.class 9.1.0.2025 RuleAttrGraymailAction.class 9.1.0.2025 RuleAttrKeywordAction.class 9.1.0.2025 RuleAttrMIMEAction.class 9.1.0.2025 RuleAttrNameAction.class 9.1.0.2025 RuleAttrSpamAction.class 9.1.0.2025 RuleAttrTimeRangeAction.class 9.1.0.2025 RuleAttrTrueFileAction.class 9.1.0.2025 RuleAttrWrsAction.class 9.1.0.2025 RuleDetailAction.class 9.1.0.2025 RuleListAction.class 9.1.0.2025 SameSiteCheck.xml 9.1.0.2025 ScanModeAction.class 9.1.0.2025 SecViolateAction.class 9.1.0.2025 SelectAddrAction.class 9.1.0.2025 SenderParser$SenderContentHandler.class 9.1.0.2025 SenderParser.class 9.1.0.2025 SenderParserTest.class 9.1.0.2025 SessionFilter.class 9.1.0.2025 SessionKeys.class 9.1.0.2025 SmartProtectionLocalSourceAction$1.class 9.1.0.2025 SmartProtectionLocalSourceAction.class 9.1.0.2025 SmartProtectionScanServiceAction.class 9.1.0.2025 SmartProtectionWRServiceAction.class 9.1.0.2025 SpamSettingAction.class 9.1.0.2025 ThreatSummaryParser$ThreatSummaryContentHandler.class 9.1.0.2025 ThreatSummaryParser.class 9.1.0.2025 ThreatSummaryParserTest.class 9.1.0.2025 TotalTrafficParser$TotalTrafficContentHandler.class 9.1.0.2025 TotalTrafficParser.class 9.1.0.2025 TotalTrafficParserTest.class 9.1.0.2025 UpdateBlockIPAction.class 9.1.0.2025 UpdateWhitelistAction.class 9.1.0.2025 VirusRuleAction.class 9.1.0.2025 VirusSettingAction.class 9.1.0.2025 error_403.jsp 9.1.0.2025 error_404.jsp 9.1.0.2025 imssmgr 9.1.0.2025 imsva_pd_util 9.1.0.2025 liblogin.so 9.1.0.2025 opendmarc 9.1.0.2025 smart_reporter 9.1.0.2025 web.xml 9.1.0.2025 imss6Logs_en.properties 9.1.0.2025 libFilterWrs.so 9.1.0.2025 libFilterEmgrPlugin.so 9.1.0.2025 openssh-5.3p1-122.el6.x86_64.rpm 9.1.0.2025 openssh-clients-5.3p1-122.el6.x86_64.rpm 9.1.0.2025 openssh-server-5.3p1-122.el6.x86_64.rpm 9.1.0.2025 MsgTracing-0.2-py2.7.egg 9.1.0.2025 MsgTracing-0.2-py2.7.egg-info 9.1.0.2025 viewers\dtv_pdfcrypto.so 9.1.0.2025 Policy_full.xml 9.1.0.2025 adj.dat 9.1.0.2025 adj.idx 9.1.0.2025 adv.dat 9.1.0.2025 adv.idx 9.1.0.2025 american-name.txt 9.1.0.2025 cme.conf 9.1.0.2025 etyv 9.1.0.2025 libEmExpression.so 9.1.0.2025 libEmSynonym.a 9.1.0.2025 libcme_dll.so 9.1.0.2025 libcme_dll.so.0 9.1.0.2025 libcme_vxe_dll.so 9.1.0.2025 libcme_vxe_dll_static.so 9.1.0.2025 libdlpEngine.so.0 9.1.0.2025 libdtsearch.so 9.1.0.2025 libem_debug.so 9.1.0.2025 libem_helpr.so 9.1.0.2025 libicudata.so.51 9.1.0.2025 libicudata.so.57 9.1.0.2025 libicui18n.so.51 9.1.0.2025 libicui18n.so.57 9.1.0.2025 libicuuc.so.51 9.1.0.2025 libicuuc.so.57 9.1.0.2025 noun.dat 9.1.0.2025 noun.idx 9.1.0.2025 spanish-name.txt 9.1.0.2025 tmpe.pol 9.1.0.2025 tmpeEnum.xml 9.1.0.2025 verb.dat 9.1.0.2025 verb.idx 9.1.0.2025 libtmau.so 9.1.0.2025 aucmd 9.1.0.2025 libImssCrypto.so 9.1.0.2025 libImssDAO.so 9.1.0.2025 rule_attr_keyword_list.jsp 9.1.0.2025 policy_search.jsp 9.1.0.2025 imss7PolicySearch.properties 9.1.0.2025 imss-resources.xml 9.1.0.2025 policy_search_tool_style.css 9.1.0.2025 query_prev.gif 9.1.0.2025 query_next.gif 9.1.0.2025 query.gif 9.1.0.2025 LogoTrendMicro_3d.gif 9.1.0.2025 PolicySearchAction.class 9.1.0.2025 PolicySearchDAO.class 9.1.0.2025 PolicySearchConstants.class 9.1.0.2025 PolicySearchResult.class 9.1.0.2025 imssOLH.properties 9.1.0.2025 en/webhelp/* 9.1.0.2025 libImssCommon.so 9.1.0.2025 libFilterAction.so 9.1.0.2025 imss6Logs.properties 9.1.0.2025 logs_query_sysevent.jsp 9.1.0.2025 SysLogs.class 9.1.0.2025 EuqBE.class 9.1.0.2025 EndUserBE.class 9.1.0.2025 EndUser.class 9.1.0.2025 DigestInlineActionAction.class 9.1.0.2025 EuqViewMessageAction.class 9.1.0.2025 EuqDistributionListAction.class 9.1.0.2025 EUQNtlmHttpFilter.class 9.1.0.2025 LogoffAction.class 9.1.0.2025 libEUQjni.so 9.1.0.2025 euqutil 9.1.0.2025 libopendmarc.so 9.1.0.2025 apply_special.sh 9.1.0.2025 libIMSSjni.so 9.1.0.2025 rule_attr_keyword.jsp 9.1.0.2025 select_addr_exception.jsp 9.1.0.2025 select_addr_group.jsp 9.1.0.2025 wrsagent 9.1.0.2025 libTmIbeCryptoSdk.so 9.1.0.2025 libTmIbeCryptoSdk.so.0 9.1.0.2025 libTmIbeCryptoSdk.so.0.0.0 9.1.0.2025 dtv_pdfcrypto.so 9.1.0.2025 PatchAction.class 9.1.0.2025 libGsoapClient.so 9.1.0.2025 header_checks 9.1.0.2025 smtp_conn_agent 9.1.0.2025 libFilterAntiSpoof.so 9.1.0.2025 CommonParams.class 9.1.0.2025 PrefilterConstants.class 9.1.0.2025 libtmmsg.so 9.1.0.2025 libFilterVirus.so 9.1.0.2025 dtasagent 9.1.0.2025 MsgLogs.class 9.1.0.2025 MsgLogrec.class 9.1.0.2025 ProductRegAction.class 9.1.0.2025 tb_named_obj 9.1.0.2025 kernel-2.6.32-754.23.1.el6.x86_64.rpm 9.1.0.2025 kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm 9.1.0.2025 libPolicyCaller.so 9.1.0.2025 imssps 9.1.0.2025 forceUpdate 9.1.0.2025 logtransfer 9.1.0.2025 smtp_tls_outgoing.jsp 9.1.0.2025 imsstasks 9.1.0.2025 dmarcreport_sender.py 9.1.0.2025 imss6Errors.properties 9.1.0.2025 imss6Errors_en.properties 9.1.0.2025 rule_attr_keyword_item.jsp 9.1.0.2025 libImssRule.so 9.1.0.2025 libFilterGraymail.so 9.1.0.2025 BifConnect$1.class 9.1.0.2025 BifConnect.class 9.1.0.2025 BifInfo$1.class 9.1.0.2025 BifInfo.class 9.1.0.2025 LogQueryIpDAO.class 9.1.0.2025 imsscmagent 9.1.0.2025 libProductLibrary.so 9.1.0.2025 IMSVA8.mib 9.1.0.2025 IMSVA8-V2.mib 9.1.0.2025 libcrc0filter.so 9.1.0.2025 libICRCHdler.so 9.1.0.2025 libICRCPerfLib_Cli.so 9.1.0.2025 localservermgmt 9.1.0.2025 imssdps 9.1.0.2025 predata_gen 9.1.0.2025 libtmprapid.so 9.1.0.2025 libtmprapi.so 9.1.0.2025 libtmpr.so 9.1.0.2025 AdminAccountAction.class 9.1.0.2025 admin_auth.jsp 9.1.0.2025 AdminUser.class 9.1.0.2025 LdapJNI.class 9.1.0.2025 apply_db.sh 9.1.0.2025 SPFPolicyd/dns 9.1.0.2025 SPFPolicyd.py 9.1.0.2025 spf.py 9.1.0.2025 test_spf.py 9.1.0.2025 B. Files for Previous Issues ------------------------------------------------------------ Not applicable. 2. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. - To access the Support Portal, go to http://success.trendmicro.com 3. System Requirements ======================================================================== 1. Trend Micro InterScan Messaging Security Virtual Appliance 9.1 Patch 3 Build 1960 - English - Linux - x64 4. Installation ======================================================================== This section explains key steps for installing the Critical Patch. 4.1 Installing ==================================================================== To install: 1. Log on to the IMSVA management console. 2. Go to "Administration > Updates > System & Applications". 3. Select and upload the Critical Patch package (tar.gz). 4. After a few minutes, check the latest uploaded package information to make sure the management console has successfully uploaded the Critical Patch package to IMSVA. 5. If you have set up a group of IMSVA devices, select the parent device and click "Update". Wait for the parent device to finish updating, and then update all the child devices. 6. Wait for a few minutes and then log on to the IMSVA management console. 7. Go to "Administration > Updates > System & Applications". 8. Verify that the "OS version"/"Application version" values for all items in the "Current status" section match the Critical Patch version. 4.2 Uninstalling ==================================================================== To roll back to the previous build: 1. Log on to the IMSVA management console. 2. Go to "Administration > Updates > System & Applications". 3. Under "Host Name", click the name of the device you want to view. A summary screen appears showing the updates and related log information. 4. To remove an update, click "Rollback". 5. Post-installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ======================================================================== Known issues in this release: #1 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] If Cloud Pre-Filter deletes an email message with no subject, and a user queries that email message on the web console, the logs display "??" in the Subject line. #2 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] Users cannot use the Down-Level Logon Name format (for example: "\DOMAIN\UserName") to create LDAP admin accounts. IMSVA accepts only accounts that contain a User Principal Name (UPN). #3 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] The following issues occur if IMSVA is unable to convert Subject line text to UTF-8. - The logs display garbled text. - IMSVA quarantines the email message and the Subject field displays the message "Unsupported charset non-UTF-8" if a user attempts to view the email message through the web console. NOTE: IMSVA attempts to convert characters to UTF-8 whenever the Subject line: - Does not contain character set information - Contains special characters (such as the copyright symbol) - Contains double-byte characters #4 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] To view the web console using Internet Explorer on computers running Windows 2003, users must first perform the following task. 1. Go to "Tools > Internet Options > Security > Trusted Sites > Sites". 2. Add the IP address of the computer on which IMSVA is installed. 3. Click Close. #5 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA may still scan and quarantine email messages even after a user deploys a policy with the "handoff" action. Email messages may still be quarantined if they trigger scanning exceptions because IMSVA prioritizes exceptions over spam and content filters. #6 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] If time settings (including time zones) are not synchronized across IMSVA servers, certain functions (such as log purge and EUQ sign in with Kerberos) may not work as expected. #7 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] The monitor action "BCC" does not function for the following security settings violations (under "Scanning Exceptions"): * Total message size exceeds * Total # recipients exceeds #8 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA encounters issues when decrypting email messages that were not encrypted using UTF-8. The Subject line in the decrypted email messages may contain either garbled text or a series of question marks. #9 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA cannot perform content filtering on a PDF file if: * Access permission of the file is set to "read only"; and * The file is encrypted using RC4 and the key length is greater than 40 bits. NOTE: IMSVA can still perform an antivirus check on the file. #10 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA does not check for spoofed internal messages if the recipient is an IPv6 address. #11 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] SOCKS4 does not support IPv6. #12 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] The IBE server does not support connections with the IPv6 proxy server. #13 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IP Profiler does not support IPv6. #14 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] Product license management does not support SOCKS connections with the IPv6 proxy server. #15 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] IMSVA detects C&C email messages based only on the addresses in the message header. #16 Known issue: [Reported at: IMSVA 8.5.0 GM B11650] The IMSVA and Control Manager counters for C&C email messages are not consistent. IMSVA counts all incoming and outgoing messages that trigger the filter, while Control Manager counts only outgoing messages. #17 Known issue: [Reported at: IMSVA 8.5.1 Service Pack 1 B15160] Smart Scan cannot fail over to Conventional Scan while in high availability mode. #18 Known issue: [Reported at: IMSVA 9.0.0 GM B1383] DKIM signing identifies inbound or outbound email messages based on internal addresses, but DKIM signing does not regard LDAP groups as internal addresses. If you set internal addresses using an LDAP group, DKIM signing does not use this LDAP group for identifying inbound email messages. #19 Known issue: [Reported at: IMSVA 9.0.0 GM B1383] When delivering an email message, IMSVA first sends the email message to the destination server with the highest priority. If the destination server returns a "4XX" or "5XX" error after being connected, IMSVA still considers the destination server available and sends the email message to it. #20 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] If the time zone setting on the IMSVA server is different from that on the database server, policy event logs cannot be queried. #21 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] When IMSVA delivers reports through email, users might be unable to access links in the reports if they use Microsoft Office 365 to check email messages. #22 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] On the IMSVA management console, the active navigation menu is highlighted after being clicked. In Internet Explorer 9, the menu highlight color cannot be shown properly. #23 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] IMSVA rewrites URLs in email messages to provide time-of-click protection. If the email messages contain both URLs and Chinese characters in plain text, IMSVA extracts incorrect URLs and rewrites them improperly. #24 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] Each registered Activation Code matches a unique key. If an Activation Code has been registered to the Time-of-Click Protection service, it cannot be changed to another registered Activation Code because the matching key cannot change. #25 Known issue: [Reported at: IMSVA 9.1.0 GM B1600] IMSVA rewrites URLs in email messages to provide time-of-click protection. If users forward or reply to those email messages after the URLs have been rewritten, IMSVA will check the URLs again. In this case, IMSVA is unable to extract the rewritten URLs from plain text, and a return error is recorded in message tracking logs. This error does not affect users. 7. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download Prior Hotfixes ==================================================================== Only this Critical Patch was tested for this release. Prior hotfixes were tested at the time of their release. [Hotfix 1972] Issue 1: Some information may be missing from InterScan Messaging Security Virtual Appliance (IMSVA) reports because the information is missing from the database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that all required information is properly saved in the database so that IMSVA reports contain complete and accurate information. Issue 2: IMSVA uses the wrong SNMP Trap message ID for "Switched to Conventional Scan". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix corrects the "Switched to Conventional Scan" SNMP trap ID. Issue 3: The "X-TM-AS-GCONF" email header displays incorrect information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that the "X-TM-AS-GCONF" email header displays the correct information. Issue 4: An issue prevents the Product Registration (PR) module from validating product Activation Codes (AC) correctly during Daylight Saving Time (DST). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix upgrades the PR module to ensure that it can validate ACs correctly during DST. Issue 5: Users cannot create admin accounts using LDAP authentication when they have previously accessed the "Administration > End-User Quarantine" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix resolves the issue so users can create admin accounts using LDAP authentication without issues. Issue 6: Some temporary files under the "/tmp/" folder are not purged automatically. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix ensures that IMSVA purges temporary files under the "/tmp/" regularly. Issue 7: wrsagent does not work if the hostname exceeds 32 bytes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix ensures that wrsagent can handle hostnames that exceed 32 bytes. Issue 8: Users cannot create an admin account using Sun iPlanet LDAP authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This hotfix ensures that users can create admin accounts using Sun iPlanet LDAP authentication. Issue 9: imssd may stop working while scanning certain email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This hotfix ensures that imssd can scan email messages normally. Issue 10: IMSVA may submit a URL sample to Trend Micro Deep Discovery Analyzer when the URL is very long or when all the URLs are in cache but the Deep Discovery Analyzer report is not ready. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This hotfix ensures IMSVA submits the correct URL samples to Deep Discovery Analyzer for analysis. Issue 11: The IMSVA "Password protected zip files (unscannable files)" policy does not work if it scans an email after receiving the Virtual Analyzer reports. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This hotfix ensures that the policy works normally. Issue 12: An error message is added into the IMSVA database log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This hotfix resolves the error. Issue 13: Sometimes, the Sender Policy Framework (SPF) approved list in IMSVA does not work. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This hotfix ensures that the SPF approved list works normally. Enhancement 1: This hotfix enables SPF to support EDNS. Enhancement 2: Previously, IMSVA does not treat adding an X-header to an email message as modifying the email and does not split the email. This hotfix provides to configure IMSVA to treat this event as email modification. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To configure IMSVA to treat adding an X-header to an email message as email modification: 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Add the following key under the "general" section and set its value to "yes": [general] InsertXHeaderTagIfModifyMsgBody=yes 4. Save the changes and close the file. 5. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart [Hotfix 1974] Issue 1: The InterScan Messaging Suite Virtual Appliance (IMSVA) scanner may stop unexpectedly when the "Smart Scan" is enabled and "Pattern update" is disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updates the Smart Scan module to resolve the issue. Issue 2: If the local server management module cannot access the database during initialization, it will not be able to work normally even after the database is back to normal. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that the local server management feature works normally once the database is back to normal. Issue 3: If the IMSVA product license has expired but is still within the renewal grace period, Trend Micro Control Manager(TM) will not be able to deploy components like pattern files and search engines to IMSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the issue. Issue 4: The IMSVA queue monitor thread may calculate the archive and quarantine sizes incorrectly and will be triggered to notify the administrator that the queue is almost full. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix ensures that IMSVA calculates the queue size correctly. Issue 5: The message tracing module may not be able to parse the maillog under certain conditions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix ensures that the message tracing module can parse the maillog correctly. Issue 6: The IMSVA delivery service may not be able to start if it takes a long time to connect to the database and eventually fail to connect to the database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix enables the manager service to attempt to start the delivery service repeatedly until the service starts successfully. Issue 7: The "Header keyword expressions" filter may not be able to detect some certain types of email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix ensures IMSVA can detect email messages normally. [Hotfix 1976] Issue 1: Under certain special network conditions, the End User Quarantine (EUQ) console displays an exception error while refreshing 20 minutes after users log in. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue. Issue 2: "Virtual Analyzer Settings" and "DKIM Signature Event" notifications display the wrong SNMP trap IDs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix defines new SNMP trap IDs for these two event notifications. Issue 3: URLs in the web reputation approved list are still rewritten because the approved list is case-sensitive. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix makes the list case-insensitive. Issue 4: The imsscmagent service may encounter high CPU usage issues. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix prevents the issue. Issue 5: Sender Filtering logs incorrectly indicate that DMARC connections are "dropped". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix ensures that the DMARC connection status is correct. Enhancement 1: Macrowave can detect first-wave malware. This hotfix enables InterScan Messaging Security Virtual Appliance (IMSVA) to detect unknown malware in an email attachment based on machine learning technology. This technology is integrated with the IMSVA anti-spam policy and is enabled by default. Enhancement 2: Sometimes, when users modify a bookmark in a different operating system, the line endings will be different which prevents IMSVA from recognizing the bookmark. This hotfix enables IMSVA to recognize modified bookmarks. [Hotfix 1979] Issue 1: The InterScan Messaging Security Virtual Appliance (IMSVA) content filter may encounter performance issues when using certain kinds of expressions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix upgrades the eManager(TM) module to the latest version to prevent the performance issues. Issue 2: Expressions may be saved with an unnecessary ".*" at the beginning or at the end which may impact IMSVA performance. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix enables IMSVA to automatically remove ".*" from the beginning or end of old expressions before scanning and to remind users to remove the ".*" at the beginning or at the end of an expression when saving it. Issue 3: The "bounce_queue_lifetime" key is set to "0" by default which may not be suitable under certain scenarios. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix changes the default value of "bounce_queue_lifetime" to "1d". Issue 4: The IMSVA program is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix resolves the vulnerability. Enhancement 1: This hotfix allows users to configure the allowed maximum DFA node number and maximum regex match times to prevent performance issues. This hotfix also enables IMSVA to display the DFA node number of a configured policy and to generate logs if the DFA exceeds the configured maximum number in "contentFilterMaxDFANodeLimit" or when match times exceed the configured number of times in "contentFilterMaxRegMatchLimit". Enhancement 2: This hotfix improves the End User Quarantine (EUQ) digests performance enhancing ldapcache and changing euqutil to multi-threads. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To set a number of threads for each EUQ database in the Digest process: 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Add the following key under the "general" section and set it to the maximum number of threads. Trend Micro recommends setting it to "10". [general] DigestThrdNumPerEUQDB=10 4. Save the changes and close the file. [Hotfix 1981] Issue 1: The "Administration > Transport Layer Security > Messages Exiting IMSVA" settings are not exported after users click the "Export" button at the bottom of the page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that the settings can be exported normally by clicking on the "Export" button at the bottom of the page. Issue 2: On rare instances, the imssd process may not be able to start after an Active Update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix adds a new exclusive lock to ensure that imssd can start successfully after an Active Update. Issue 3: Some temporary files remain in the "/tmp" folder. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix removes the unused temporary files from the "/tmp" folder. Issue 4: DMARC reports from InterScan Messaging Security Virtual Appliance (IMSVA) may contain invalid domain selectors. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix resolves the issue. Issue 5: Email messages with invalid message-id's cannot be sent to Virtual Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix ensures that these email messages can be sent to Virtual Analyzer successfully. Issue 6: There is a minor bug in "marco wave" enhancement ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix resolves the issue. Enhancement 1: This hotfix enables IMSVA to send out notifications using the first anti-virus or Web Reputation Service (WRS) policy notification when triggered by suspicious objects (SO) and the SO-URL policy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable the notification 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Add the following key under the "policy_server" section and set its value to "true". [policy_server] EnableSORuleNotifyAction=true 4. Save the changes and close the file. 5. Restart the scanner service using the following command: /opt/trend/imss/script/S99POLICY restart [Hotfix 1983] Issue 1: The syslog output is sent to the terminal console when InterScan Messaging Security Virtual Appliance (IMSVA) cannot connect to the syslog server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix prevents IMSVA from sending the syslog output to the terminal console when it cannot connect to the syslog server. [Hotfix 1984] Issue 1: dtasagent may send a large number of unnecessary error notifications to administrators. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves this issue. [Hotfix 1987] Issue 1: A case-sensitivity issue related to the DFA table prevents the eManager(TM) 7.5 module from matching file names properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updates the eManager module to resolve this issue. Issue 2: There are proposed Active Update (AU) security enhancements for Trend Micro Deep Discovery Email Inspector in InterScan Messaging Security Virtual Appliance (IMSVA). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix applies these enhancements to IMSVA. Issue 3: The IMSVA services restart even when the expiration date has not been renewed manually online. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves this issue. Issue 4: Users encounter a "Fail to Create Scan Option for eManager" error when creating a policy with keywords or expressions that contain "人種差別". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix ensures that users can create policies normally. Issue 5: IMSVA is affected by a potential Spectre SWAPGS gadget vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix upgrades the Linux kernel to remove the vulnerability. Issue 6: An issue related to the Archive Area size calculation triggers IMSVA to send out notifications. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix increases the sub-folder calculation count from 4 to 16 to help prevent the issue. Issue 7: The Data Loss Prevention(TM) (DLP) policy blocks certain attachments incorrectly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix updates the eManager module to resolve this issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To apply the changes: 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Add the following key under the "general" section and set it to "no": [general] KeepOriginTypeForEncryptedFile=no 4. Save the changes and close the file. 5. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart [Hotfix 1988] Issue 1: InterScan Messaging Security Virtual Appliance (IMSVA) sends Web Reputation Services (WRS) queries without the product GUID. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix adds the product GUID information in WRS queries. Issue 2: An issue prevents IMSVA from detecting spoof email messages that contain a double at sign "@@" in the sender domain. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates "libFilterAntiSpoof.so" to resolve this issue. Issue 3: The blocked domain list supports only up to 5000 entries. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix allows users to set the maximum supported entries for the blocked domain list on CPF. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To apply the changes: 1. Install this hotfix (see "Installation"). 2. Insert a record into the IMSVA database by running the following SQL statement: insert into tb_global_setting (section, name, value, inifile) values ('pre-filter', 'approved_sender_list_limit', '5000', 'imss.ini'); insert into tb_global_setting (section, name, value, inifile) values ('pre-filter', 'blocked_sender_list_limit', '5000', 'imss.ini'); 3. Run the following command in the IMSS backend: /opt/trend/imss/script/S99ADMINUI restart Issue 4: An issue prevents IMSVA from inserting stamps in text/plain entities on specific messages from any iOS platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix upgrades the third-party TmMsg module to resolve this issue. Issue 5: The "TaskTimeout" setting for smart_scan remains at 1500 (ms) after the value of "query_timeout_ms" has been updated to 3500 (ms). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix updates "libFilterVirus.so" to resolve the issue. Issue 6: Trend Micro Deep Discovery Analyzer returns a server error when it receives a URL sample that contains square brackets in the domain part from other Trend Micro products. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix updates some internal modules to fix this issue. Enhancement 1: This hotfix provides a way to export the TLS status from message tracking reports. [Hotfix 1989] Issue 1: The view of message header only shows up to 2 KB on the Mail Areas & Queues Management in the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix allows users to configure the maximum length of message header shown on the Mail Areas & Queues Management within a range between 2048 and 10240. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To show up to 10240 bytes (10 KB) of the message header: 1. Install this hotfix (see "Installation"). 2. Connect to the IMSVA database by running the following command. /opt/trend/imss/PostgreSQL/bin/psql imss sa 3. Insert the new row for MsgHeaderMaxLimit into the table tb_global_setting by running the SQL command one line by one line. INSERT INTO tb_global_setting VALUES ('general','MsgHeaderMaxLimit','10240','imss.ini','' ); 4. Quit the psql program by running the following command. \q 5. Restart the Manager service by running the following command. /opt/trend/imss/script/S99MANAGER restart Issue 2: The handoff message does not display and the "unknown mail transport error" message appears instead when the hostname for the handoff host is too long. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates the corresponding regular expression in the header_checks file to ensure that the handoff message displays normally when the handoff host hostname is long. Issue 3: The non-default Active Update settings support https protocol. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix updates the "libtmau.so" to resolve this issue. Enhancement 1: This hotfix provides a way to apply SMTP throttling to specific senders only. [Hotfix 1996] Issue 1: There are several improvements to the record sorting mechanism in widgets. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix adds a common string ascending or descending comparison algorithm for sorting records in widgets which can be activated using the new "Sort" button on the list box. Issue 2: If users repeatedly add and delete keywords and expressions without saving the changes, the case-sensitivity setting may not work during keyword and expression matching. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates the caseSensitiveItems setting for mapped IDs to resolve the issue. Issue 3: There are several improvements to Web Reputation Service (WRS) logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix updates the WRS Score Result log level from "NORMAL" to "DIAGNOSTIC" to reduce the number of logs. Issue 4: Encrypted email messages trigger scanning exceptions for all outbound secure messages and are quarantined. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix upgrades the cryptoSDK module to resolve this issue. Issue 5: An out of memory issue occurs and the imssd process stops on IMSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix upgrades the eManager module to resolve this issue. Issue 6: Email is not quarantined when email encryption fails and the recipient can still retrieve the email that has not been encrypted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix resolves this issue. Issue 7: The imsva_91_en.criticalpatch1993.tar.gz critical patch cannot be applied to the parent IMSVA device. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix repacks the critical patch as imsva-91-en.criticalpatch-B1993-r1.tar.gz to resolve this issue. [Hotfix 1997] Issue 1: Sometimes, intended users do not to receive End User Quarantine (EUQ) digests. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updated euqutil function to ensure that all intended users receive EUQ digests. Issue 2: The eManager(TM) component encounters a memory leak issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix enables InterScan Messaging Security Virtual Appliance (IMSVA) to set "error_code=0" before calling the eManager API to prevent the memory leak issue. Issue 3: The SPF record checking results in DMARC will appear as "failed" when it encounters an SPF record that includes macros. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix updates "libopendmarc.so" to resolve this issue. Issue 4: Sometimes, IMSVA sends out notification that the MsgTracing function has stopped unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix enables IMSVA to reserve certain local ports to resolve this issue. [Hotfix 2000] Issue 1: Additional End User Quarantine (EUQ) Log Action Details are needed in logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix enables EUQ to generate logs when end users take action. Issue 2: The tagged subject information does not appear in policy event and message tracking logs when there is no subject field in the original email header. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates "libFilterAction.so" to ensure that the tagged subject information appears in policy event and message tracking logs. add a hidden key to control this behavior as follows: insert into tb_global_setting (section, name, value, inifile) values ('MessageModule', 'LoggingTaggedBlankSubject', 'yes', 'imss.ini'); Issue 3: A typo which should be split rather than splitted in imssd log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix corrects the typo to resolve this issue. [Hotfix 2011] Issue 1: Some long URLs may become unavailable after InterScan Messaging Security Virtual Appliance (IMSVA) re-writes them. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue by ensuring that IMSVA rewrites long URLs correctly. Issue 2: An issue prevents the "Header keyword expressions" filter in IMSVA from matching certain types of S/MIME email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that the "Header keyword expressions" filter works normally. Issue 3: An exception error appears when IMSVA attempts to display a quarantined message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that IMSVA can query quarantined messages correctly. Issue 4: The OpenSSH module in IMSVA is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix updates the OpenSSH module to resolve the vulnerability. Issue 5: An issue prevents users from querying the status of a Log Query and receiving the delivery feedback. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix enables the "Message Tracking" page of the IMSVA web console to display the delivery status of the handoff action. Issue 6: Credit card information in email messages cannot be matched. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix updates the eManager(TM) module to resolve this issue. Issue 7: ActiveUpdate (AU) may not work when the Legion Object Identifier (LOID) exceeds 2 GB. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix upgrades "libtmau.so" to resolve this issue. Enhancement 1: This hotfix enables IMSVA to support Trend Micro Email Security (TMEMS) migration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable IMSVA to support TMEMS migration: 1. Install this hotfix (see "Installation"). 2. Insert one record into the IMSVA database by running the following SQL statements: insert into tb_global_setting (section, name, value, inifile) values ('imp_exp', 'enable_ems_migrate', '1', 'imss.ini'); Enhancement 2: This hotfix merges the policy search tool for InterScan Messaging Security Suite (IMSS) 9.1 with IMSVA 9.1. [Hotfix 2014] Issue 1: Under certain conditions, InterScan Messaging Security Virtual Appliance (IMSVA) inserts inaccurate dmarc check result in the email header. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that IMSVA inserts the correct information to email headers. Issue 2: Some valid DKIM signed email messages are tagged as failed verification by mistake. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves this issue. Issue 3: The IMSVA program is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the vulnerability. Issue 4: When there are too many files to be sent to Trend Micro Deep Discovery Analyzer, the IMSVA cache for virtual analyzer fills up which may cause analysis to take too long. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix improves the cache query speed to resolve the issue. Issue 5: There are extra spaces in the DKIM signature DNS Record in the web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix removes the extra spaces from the DKIM signature DNS record. Enhancement 1: This hotfix enables users to specify a DNS for anti-spam engine use only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To set a DNS for anti-spam engine use only: 1. Install this hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.inis" using a text editor. 3. Locate or add the "[in-the-cloud]" section and add the following value: [in-the-cloud] dns_for_tmase=ww.xx.yy.zz (specific DNS server, accepts only one DNS server) 4. Save the changes and close the file. 5. Restart the scanner using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 2: This hotfix disables port 8009 for external devices. [Hotfix 2021] Issue 1: When InterScan Messaging Security Virtual Appliance (IMSVA) imports information from the database into a file, some IP addresses may not appear in the approved list of the Email Reputation Service (ERS). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix helps ensure that all required and relevant information is imported correctly. Issue 2: An issue prevents the IMSVA true file type policy from detecting "LHA" and "LZH" files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves the issue. Issue 3: IMSVA scanner does not work when there are no matching policies and the "Suspicious URL list" is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the issue. Issue 4: Sensitive words were used in the IMSVA web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix replaces sensitive words on the IMSVA web console. Issue 5: Inaccurate logs display on the IMSVA web console when users click the back button on the browser. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix resolves the issue. Issue 6: The message tracing feature may stop unexpectedly due to an exception. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix improves the stability of the message tracing module to resolve this issue. Issue 7: The IMSVA program is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix updates the Java(TM), Apache(TM), and Tomcat(TM) modules to resolve the vulnerability. Enhancement 1: This hotfix enables users to configure IMSVA to notify administrators by email message or SNMP trap if there is insufficient free space on the root partition. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable the notification for insufficient free space in the root partition: 1. Install this hotfix (see "Installtion"). 2. Ensure that the "Delivery Settings" in the "Administration > Notifications > Delivery Settings" page have been configured, otherwise, IMSVA will not be able to notify administrators. 3. Connect to the database by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 4. Add the following hidden keys in the database by running the following commands in order: 4.1 To configure notification by email message, run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartitionEmail', 'yes', 'imss.ini', NULL); 4.2 To configure notification by SNMP trap, run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartitionSNMP', 'yes', 'imss.ini', NULL); 4.3 To configure the notification threshold for root partition size, for example, to set it to 1024 MB (Default), run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartitionSize', '1024', 'imss.ini', NULL); 4.4 To configure the email subject, run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartition_Subject', 'Free disk space (%FREESPACE%) of root partition %FOLDERPATH% on scanner(%HOSTNAME%) is below threshold.', 'imss.ini', NULL) NOTE: This is optional, if not configured, IMSVA will use the data partition notification template in the "Administration > Notifications" page. Click "Data partition free space on any host is less than" to edit and use the "%FOLDERPATH%" variable to replace the hardcoded partition name. 4.5 To configure the email message, run: INSERT INTO tb_global_setting VALUES ('General-Notification', 'FreeRootPartition_Message', 'Free disk space (%FREESPACE%) of root partition %FOLDERPATH% on scanner(%HOSTNAME%) is below threshold.', 'imss.ini', NULL); NOTE: This is optional. 4.6 To configure the SNMP message, run: INSERT INTO tb_global_setting VALUES ('General-Notification','FreeRootPartition_SNMPMes sage', 'Free disk space (%FREESPACE%) of root partition %FOLDERPATH% on scanner(%HOSTNAME%) is below threshold.','imss.ini', NULL); NOTE: This is optional. 5. Close the database connection using the following command: \q 6. Restart the monitor service using the following command. /opt/trend/imss/script/S99MANAGER restart To disable the notification for insufficient free space in the root partition: 1. Connect to the database by running the following command: /opt/trend/imss/PostgreSQL/bin/psql imss sa 2. Update the hidden keys in the database by running the following commands: 2.1 Disable the email notifications by running the following command. update tb_global_setting SET value = 'no' where section = 'General-Notification' AND name = 'FreeRootPartitionEmail'; 2.2 Disable the SNMP trap notifications by running the following command. update tb_global_setting SET value = 'no' where section = 'General-Notification' AND name = 'FreeRootPartitionSNMP'; 3. Close the database connection using the following command: \q 4. Restart the monitor service by running the following command. /opt/trend/imss/script/S99MANAGER restart [Hotfix 2025] Issue 1: Users cannot set the "Non-existing recipients exceeds" value of the DHA Attack rule to "0". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix allows users to set the DHA Attack rule "Non-existing recipients exceeds" value to "0". Issue 2: There is an issue with the default value of "smtp_line_length_limit". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix sets "smtp_line_length_limit=1000". Issue 3: The Active Update (AU) module is affected by a vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Hotfix updates the AU module to resolve the vulnerability. Enhancement 1: This Hotfix allows users to configure InterScan Messaging Security Virtual Appliance (IMSVA) to send BCC email messages in a new session. Enhancement 2: This Hotfix enables IMSVA to support synchronizing custom attributes as email addresses. 8. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. https://www.trendmicro.com/en_us/contact.html NOTE: This information is subject to change without notice. 9. About Trend Micro ======================================================================== Smart, simple, security that fits. As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2020, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners. 10. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide