<> Trend Micro Incorporated August 6th, 2021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan Messaging Security Suite 9.1 - Patch 1 English - Linux - 32-bit / 64-bit Critical Patch - Build 1416 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents ================================================================ 1. Critical Patch Release Information 1.1 Resolved Known Issues 1.2 Enhancements 1.3 Files Included in This Release 2. Documentation Set 3. System Requirements 4. Installation 4.1 Installing 4.2 Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 8. Contact Information 9. About Trend Micro 10. License Agreement ================================================================ 1. Critical Patch Release Information ======================================================================== 1.1 Resolved Known Issues ==================================================================== This Critical Patch resolves the following issue(s): Issue 1: Extra spaces are added to specific message subject lines when IMSS executes the "tag subject" action. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. Issue 2: When 9.1.0 (IMSS) uses Trend Micro Anti Spam Engine 8.6, the Macrowave feature, implemented in build 1323, may treat normal email messages as spam. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix resolves this false positive issue. Issue 3: InterScan Messaging Security Suite (IMSS) uses a version of the libxml2 third-party library that is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Hotfix resolves the issue. 1.2 Enhancements ==================================================================== There are no enhancements for this Critical Patch release. 1.3 Files Included in This Release ==================================================================== A. Files for Current Issues ------------------------------------------------------------- Filename Build No. ---------------------------------------------------------- imssd 9.1.0.1416 libFilterSpsTmase.so 9.1.0.1416 libIMSSjni.so 9.1.0.1416 imp_exp 9.1.0.1416 Files for Issue 1 ---------------------------------------------------------- libFilterAction.so 9.1.0.1416 libtmmsg.so 9.1.0.1416 imssd 9.1.0.1416 Files for Issue 2 ---------------------------------------------------------- libFilterSpsTmase.so 9.1.0.1416 Files for Issue 3 ---------------------------------------------------------- libxml2.so 9.1.0.1416 B. Files for Previous Issues ------------------------------------------------------------- libFilterWrs.so 9.1.0.1409 tables.lua 9.1.0.1404 libFilterAction.so 9.1.0.1404 libtmau.so 9.1.0.1379 libtmaseng.so 9.1.0.1379 libtmaseng.so.zip 9.1.0.1379 postfix_service_mod.sh 9.1.0.1375 imssctl.sh 9.1.0.1375 S99DKIM 9.1.0.1375 imssmgr 9.1.0.1375 libatse.so 9.1.0.1373 libvsapi.so 9.1.0.1373 libFilterEmgrPlugin.so 9.1.0.1371 dtasagent 9.1.0.1371 imsscmagent 9.1.0.1371 libFilterWrs.so 9.1.0.1371 AddBlockIPAction.class 9.1.0.1371 AddWhiteIPAction.class 9.1.0.1371 BouncedSettingAction.class 9.1.0.1371 ConnSettingAction.class 9.1.0.1371 DelBlockIPAction.class 9.1.0.1371 DelWhiteIPAction.class 9.1.0.1371 DHASettingAction.class 9.1.0.1371 MoveBlockIPAction.class 9.1.0.1371 NRSSettingAction.class 9.1.0.1371 SpamSettingAction.class 9.1.0.1371 UpdateBlockIPAction.class 9.1.0.1371 UpdateWhitelistAction.class 9.1.0.1371 VirusSettingAction.class 9.1.0.1371 LogSettingAction.class 9.1.0.1371 LogSyslogSettingAction.class 9.1.0.1371 AdminDBAction.class 9.1.0.1371 AdminDBAction$1.class 9.1.0.1371 SyslogSettingDAO.class 9.1.0.1371 AccountParser$AccountContentHandler.class 9.1.0.1371 AccountParser.class 9.1.0.1371 BatchParser.class 9.1.0.1371 BatchParser$BatchContentHandler.class 9.1.0.1371 BundleParser.class 9.1.0.1371 BundleParser$BundleContentHandler.class 9.1.0.1371 DomainParser$DomainContentHandler.class 9.1.0.1371 DomainParser.class 9.1.0.1371 DomainPolicyParser$DomainPolicyContentHandler.class 9.1.0.1371 DomainPolicyParser.class 9.1.0.1371 DomainSettingParser$DomainSettingContentHandler.class 9.1.0.1371 DomainSettingParser.class 9.1.0.1371 InboundServerParser$InboundServerContentHandler.class 9.1.0.1371 InboundServerParser.class 9.1.0.1371 JobParser.class 9.1.0.1371 JobParser$JobContentHandler.class 9.1.0.1371 MailTrackParser.class 9.1.0.1371 MailTrackParser$MailTrackContentHandler.class 9.1.0.1371 OutboundIPParser.class 9.1.0.1371 OutboundIPParser$OutboundIpContentHandler.class 9.1.0.1371 PrefilterErrorParser.class 9.1.0.1371 PrefilterErrorParser$PrefilterErrorContentHandler.class 9.1.0.1371 RcptDeletedParser.class 9.1.0.1371 RcptDeletedParser$RcptDeletedContentHandler.class 9.1.0.1371 RecipientParser$RecipientContentHandler.class 9.1.0.1371 RecipientParser.class 9.1.0.1371 RegionAddressParser.class 9.1.0.1371 RegionAddressParser$RegionAddressContentHandler.class 9.1.0.1371 SenderParser.class 9.1.0.1371 SenderParser$SenderContentHandler.class 9.1.0.1371 ThreatSummaryParser.class 9.1.0.1371 ThreatSummaryParser$ThreatSummaryContentHandler.class 9.1.0.1371 TotalTrafficParser.class 9.1.0.1371 TotalTrafficParser$TotalTrafficContentHandler.class 9.1.0.1371 DeliveryPolicyDAO.class 9.1.0.1371 PostfixQueueDAO.class 9.1.0.1371 PostfixQueueMail.class 9.1.0.1371 PostfixQueueMailList.class 9.1.0.1371 PostfixQueueQueryTask.class 9.1.0.1371 PostfixQueueOptTask.class 9.1.0.1371 PostfixDAO.class 9.1.0.1371 Postfix.class 9.1.0.1371 PostfixQueueMgmtAction.class 9.1.0.1371 PostfixQueueMgmtForm.class 9.1.0.1371 PostfixJNI.class 9.1.0.1371 MtaSummaryActionTask.class 9.1.0.1371 MtaSummaryAction.class 9.1.0.1371 AddrGroupAction.class 9.1.0.1371 AddRuleAction.class 9.1.0.1371 ComplianceTemplatesAction$EntityComparator.class 9.1.0.1371 ComplianceTemplatesAction.class 9.1.0.1371 DDAServerMgmtAction.class 9.1.0.1371 DDASettingAction$1.class 9.1.0.1371 DDASettingAction.class 9.1.0.1371 DKIMWhiteListSettingAction.class 9.1.0.1371 ExpressionAction.class 9.1.0.1371 FileAttributeAction.class 9.1.0.1371 InterAddrAction.class 9.1.0.1371 KeywordListsAction.class 9.1.0.1371 PwdProtectAction.class 9.1.0.1371 RuleActionNamedObjAction.class 9.1.0.1371 RuleActionNotifyAction.class 9.1.0.1371 RuleActionStampAction.class 9.1.0.1371 RuleActionTagAction.class 9.1.0.1371 RuleAttrAntiSpoofAction.class 9.1.0.1371 RuleAttrCCCAAction.class 9.1.0.1371 RuleAttrComplianceFilterAction.class 9.1.0.1371 RuleAttrDKIMEnforcementAction.class 9.1.0.1371 RuleAttrGraymailAction.class 9.1.0.1371 RuleAttrMIMEAction.class 9.1.0.1371 RuleAttrNameAction.class 9.1.0.1371 RuleAttrSpamAction.class 9.1.0.1371 RuleAttrTimeRangeAction.class 9.1.0.1371 RuleAttrTrueFileAction.class 9.1.0.1371 RuleAttrWrsAction.class 9.1.0.1371 RuleDetailAction.class 9.1.0.1371 RuleListAction.class 9.1.0.1371 ScanModeAction.class 9.1.0.1371 SecViolateAction.class 9.1.0.1371 SmartProtectionLocalSourceAction.class 9.1.0.1371 SmartProtectionLocalSourceAction$1.class 9.1.0.1371 SmartProtectionScanServiceAction.class 9.1.0.1371 SmartProtectionWRServiceAction.class 9.1.0.1371 VirusRuleAction.class 9.1.0.1371 AddDomainAction.class 9.1.0.1371 DomainListAction.class 9.1.0.1371 DstServerListAction.class 9.1.0.1371 QtEditAreaAction.class 9.1.0.1371 QtSettingsAction.class 9.1.0.1371 ConnBasicAction.class 9.1.0.1371 ConnChildIPAction.class 9.1.0.1371 ConnLDAPAction.class 9.1.0.1371 ConnLDAPAction$1.class 9.1.0.1371 ConnNTPAction.class 9.1.0.1371 ConnTMCMAction.class 9.1.0.1371 DkimSignAction$LogLevel.class 9.1.0.1371 DkimSignAction.class 9.1.0.1371 DkimSignAction$1.class 9.1.0.1371 InternalHostAction$PageList.class 9.1.0.1371 InternalHostAction.class 9.1.0.1371 MTASettingAction$4.class 9.1.0.1371 MTASettingAction$2.class 9.1.0.1371 MTASettingAction$16.class 9.1.0.1371 MTASettingAction.class 9.1.0.1371 MTASettingAction$26.class 9.1.0.1371 MTASettingAction$19.class 9.1.0.1371 MTASettingAction$10.class 9.1.0.1371 MTASettingAction$17.class 9.1.0.1371 MTASettingAction$13.class 9.1.0.1371 MTASettingAction$25.class 9.1.0.1371 MTASettingAction$22.class 9.1.0.1371 MTASettingAction$3.class 9.1.0.1371 MTASettingAction$6.class 9.1.0.1371 MTASettingAction$20.class 9.1.0.1371 MTASettingAction$7.class 9.1.0.1371 MTASettingAction$15.class 9.1.0.1371 MTASettingAction$12.class 9.1.0.1371 MTASettingAction$23.class 9.1.0.1371 MTASettingAction$21.class 9.1.0.1371 MTASettingAction$14.class 9.1.0.1371 MTASettingAction$8.class 9.1.0.1371 MTASettingAction$1.class 9.1.0.1371 MTASettingAction$11.class 9.1.0.1371 MTASettingAction$9.class 9.1.0.1371 MTASettingAction$5.class 9.1.0.1371 MTASettingAction$18.class 9.1.0.1371 MTASettingAction$24.class 9.1.0.1371 LoginAction.class 9.1.0.1371 ImssCsrfRequestMatcher.class 9.1.0.1371 SessionFilter.class 9.1.0.1371 ComplianceTemplateWSAction.class 9.1.0.1371 DataIdentifierWSAction.class 9.1.0.1371 LdapUserWSAction$1.class 9.1.0.1371 LdapUserWSAction.class 9.1.0.1371 PolicyWSAction.class 9.1.0.1371 XMLAddressGroup.class 9.1.0.1371 XMLArea.class 9.1.0.1371 XMLKeyword.class 9.1.0.1371 XMLNotification.class 9.1.0.1371 XMLStamp.class 9.1.0.1371 common/SessionKeys.class 9.1.0.1371 SameSiteCheck.xml 9.1.0.1371 tlsagent 9.1.0.1371 EUQAccessAction.class 9.1.0.1371 ConfigDomain.class 9.1.0.1371 ComplianceLogParser.class 9.1.0.1371 ComplianceTemplateInterface.class 9.1.0.1371 DLPExpressionInterface.class 9.1.0.1371 DLPFileAttributeInterface.class 9.1.0.1371 DLPKeywordInterface.class 9.1.0.1371 libImssCommon.so 9.1.0.1371 libImssDAO.so 9.1.0.1371 imsa8WrsCategory.properties 9.1.0.1371 imsa8WrsCategory_en.properties 9.1.0.1371 prcmd 9.1.0.1371 AdminAccountService.class 9.1.0.1371 AdminAccountDao.class 9.1.0.1371 AdminAccountMapper.class 9.1.0.1371 liblogin.so 9.1.0.1371 imsva_pd_util 9.1.0.1371 ip_whitelist_details.jsp 9.1.0.1368 imss6Policy.properties 9.1.0.1368 imss6Policy_en.properties 9.1.0.1368 imssps 9.1.0.1368 tomcat/* 9.1.0.1368 UI/adminUI/conf/server.xml 9.1.0.1368 UI/euqUI/conf/server.xml 9.1.0.1368 euqutil 9.1.0.1368 UI/javaJRE/* 9.1.0.1368 UI/apache/* 9.1.0.1368 libtmactupdate.so 9.1.0.1368 libpatch.so 9.1.0.1368 liblwtpciu32.so 9.1.0.1368 libciuas32.so 9.1.0.1368 expapply.so 9.1.0.1368 cert5.db 9.1.0.1368 AuPatch 9.1.0.1368 aumsg.0 9.1.0.1368 aumsg.932 9.1.0.1368 aumsg.936 9.1.0.1368 aumsg.949 9.1.0.1368 aumsg.950 9.1.0.1368 S99LOCALSERVERMGMT 9.1.0.1368 release_java.sh 9.1.0.1366 left_0530.jsp 9.1.0.1366 smartsearch_imss.dat 9.1.0.1366 smartsearch.dat 9.1.0.1366 ip_whitelist_add.jsp 9.1.0.1366 ip_whitelist.jsp 9.1.0.1366 left_ipPage.jsp 9.1.0.1366 add_white_list.jsp 9.1.0.1366 dkim_white_list_import.jsp 9.1.0.1366 ApplyWhiteList.class 9.1.0.1366 WhitelistAction.class 9.1.0.1366 aucmd 9.1.0.1363 libImssCrypto.so 9.1.0.1363 policy_search.jsp 9.1.0.1362 imss7PolicySearch.properties 9.1.0.1362 rule_attr_keyword_list.jsp 9.1.0.1357 imss-resources.xml 9.1.0.1357 policy_search_tool_style.css 9.1.0.1357 query_prev.gif 9.1.0.1357 query_next.gif 9.1.0.1357 query.gif 9.1.0.1357 LogoTrendMicro_3d.gif 9.1.0.1357 PolicySearchAction.class 9.1.0.1357 PolicySearchDAO.class 9.1.0.1357 PolicySearchConstants.class 9.1.0.1357 PolicySearchResult.class 9.1.0.1357 imssOLH.properties 9.1.0.1357 BackupAction$1.class 9.1.0.1357 BackupAction$ConfigFileNameFilter.class 9.1.0.1357 BackupAction.class 9.1.0.1357 libz.so.1 9.1.0.1347 apply_db.sh 9.1.0.1347 imsstasks 9.1.0.1347 apply_app.sh 9.1.0.1347 TmFoxProxy 9.1.0.1347 libImssPolicy.so 9.1.0.1345 libImssRule.so 9.1.0.1345 PatchAction.class 9.1.0.1345 postfix 9.1.0.1345 wrsagent 9.1.0.1345 RuleAttrKeywordAction.class 9.1.0.1341 LogQueryMsgDAO.class 9.1.0.1341 c2_proxy.jsp 9.1.0.1341 sys_updates_proxy.jsp 9.1.0.1341 libem_helpr.so 9.1.0.1341 libcme_vxe_dll.so 9.1.0.1341 libdlpEngine.so.0 9.1.0.1341 libdtsearch.so 9.1.0.1341 dtv_pdfcrypto.so 9.1.0.1341 libicudata.so.57 9.1.0.1341 libicui18n.so.57 9.1.0.1341 libicuuc.so.57 9.1.0.1341 url_sandbox_words_import.jsp 9.1.0.1341 smtp_conn.jsp 9.1.0.1341 libEUQjni.so 9.1.0.1330 2. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. - To access the Support Portal, go to http://success.trendmicro.com 3. System Requirements ======================================================================== 1. Trend Micro InterScan Messaging Security Suite 9.1 Patch 1 Build 1323 - English - Linux - x32-x64 4. Installation ======================================================================== This section explains key steps for installing the Critical Patch. 4.1 Installing ==================================================================== To install: 1. Log on to the IMSS management console. 2. Go to "Administration > Updates > System & Applications". 3. Select and upload the Critical Patch package (tar.gz). 4. After a few minutes, check the latest uploaded package information to make sure the management console has successfully uploaded the Critical Patch package to IMSS. 5. If you have set up a group of IMSS devices, select all child devices in the "Current status" section. Otherwise, select the parent device. 6. Click "Update". 7. If a group has been set up, wait for all child devices to finish updating before selecting the parent device in the "Current status" section. Otherwise, go to step 9. 8. Click "Update". 9. Wait for a few minutes and then log on to the IMSS management console. 10. Go to "Administration > Updates > System & Applications". 11. Verify that the "OS version"/"Application version" values for all items in the "Current status" section match the Critical Patch version. 4.2 Uninstalling ==================================================================== To roll back to the previous build: 1. Log on to the IMSS management console. 2. Go to "Administration > Updates > System & Applications". 3. Under "Host Name", click the name of the device you want to view. A summary screen appears showing the updates and related log information. 4. To remove an update, click "Rollback". 5. Post-installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ======================================================================== There are no known issues for this Critical Patch release. 7. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download Prior Hotfixes ==================================================================== Only this Critical Patch was tested for this release. Prior hotfixes were tested at the time of their release. [Hotfix 1409] Issue 1: An issue prevents InterScan Messaging Security Suite (IMSS) from correctly matching certain special URLs to the Web Reputation Approved List. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. Enhancement 1: This Hotfix updates some default CMAgent settings. [Hotfix 1407] Issue 1: An issue prevents InterScan Messaging Security Suite (IMSS) from correctly matching certain special URLs to the Web Reputation Approved List. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. [Hotfix 1404] Issue 1: An issue prevents InterScan Messaging Security Suite (IMSS) from importing the "Preferred charset" setting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. Issue 2: Extra spaces are added to specific message subject lines when IMSS executes the "tag subject" action. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix resolves the issue. [Hotfix 1379] Issue 1: When pattern update is enabled both from the InterScan Messaging Security Suite (IMSS) Active Update server and Trend Micro Apex Central(TM), some backup files may remain in the backup folder. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix ensures backup files are cleaned promptly. Issue 2: Users encounter a high CPU usage issue when IMSS scans certain email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix upgrades the TMASE module to resolve this issue. [Hotfix 1375] Issue 1: Postfix cannot be restarted after the queue_directory is updated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix updates the startup script of the Postfix service to resolve this issue. Enhancement 1: This Hotfix updates the dkim process monitor to improve its performance. [Critical Patch 1373] Issue 1: The ATSE/VSAPI engines cannot handle certain CHM files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Critical Patch upgrades the ATSE/VSAPI engines to resolve this issue. [Hotfix 1371] Issue 1: InterScan Messaging Security Suite (IMSS) may use too much memory when scanning a specific email message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves this issue by adding an option to configure IMSS to skip the pivot table when scanning attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable IMSS to skip the pivot table when scanning attachments: 1. Install this Hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Add the following key under the "general" section and set its value to "yes". [general] EnableSkipExcelPivotTables=yes 4. Save the changes and close the file. 5. Restart the scanner service using the following command: /opt/trend/imss/script/S99IMSS restart Issue 2: The IMSS program is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix resolves the vulnerability. Enhancement 1: This Hotfix applies certain enhancements to improve scan result generation. [Hotfix 1368] Issue 1: Sometimes, an issue prevents imssmgr from starting the localservermgmt process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves the issue. Issue 2: The Active Update (AU) module is affected by a vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Hotfix updates the AU module to resolve the vulnerability. Issue 3: InterScan Messaging Security Suite (IMSS) is affected by a certain vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Hotfix updates the Java(TM), Apache(TM), and Tomcat(TM) modules to resolve the vulnerability. Issue 4: IMSS scanner cannot work when there are no matching policies and "Suspicious URL list" is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Hotfix resolves the issue. Enhancement 1: This Hotfix replaces certain sensitive words on the IMSS web console. [Hotfix 1366] Issue 1: Sometimes, the Management Console does not restart as scheduled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Hotfix resolves this issue. Enhancement 1: This Hotfix replaces certain sensitive words on the InterScan Messaging Security Suite (IMSS) web console. [Hotfix 1365] Enhancement 1: This Hotfix provides an option to configure InterScan Messaging Security Suite (IMSS) to insert TMASE-generated headers into email messages to allow users to create policies to catch certain headers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable IMSS to add TMASE-generated headers into email messages: 1. Install this Hotfix (see "Installation"). 2. Open the "/opt/trend/imss/config/imss.ini" file. 3. Locate or create the "[tmase]" section. 4. Add "enable_detect_temp_qt=yes" under the "[tmase]" section. [tmase] enable_detect_temp_qt=yes NOTE: This option is disabled by default. 5. Save the changes and close the file. 6. Restart the scanner using the following command: /opt/trend/imss/script/S99IMSS restart Enhancement 2: This Hotfix replaces certain sensitive words on the Online Help document and on the IMSS web console. [Hotfix 1363] Issue 1: An issue prevents InterScan Messaging Security Suite (IMSS) from replicating configuration files from Trend Micro Apex Central(TM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue. Issue 2: Garbled characters appears in the error message when IMSS cannot connect to the ActiveUpdate (AU) server while running a component update from the admin console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves the issue by changing "saumsg.932" to "UTF-8". Issue 3: AU may not work when the Legion Object Identifier (LOID) exceeds 2 GB. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix upgrades "libtmau.so" to resolve this issue. [Hotfix 1362] Enhancement 1: Previously, when users add a stamp on the web console, InterScan Messaging Security Suite (IMSS) trims empty strings at the beginning or end of the stamp. This hotfix allows users to configure IMSS not to trim empty strings at the beginning or end of stamps. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To prevent IMSS from trimming empty strings at the beginning or end of stamps: 1. Install this hotfix (see "Installation"). 2. Open the "${IMSS_HOME}/UI/adminUI/ROOT/WEB-INF/classes/i mssDefine.properties" file. 3. Add the following key and set its value to "1". policy.stamp.notTrimEmpty=1 NOTE: To allow IMSS to delete empty strings at the start or end of stamps, set this value to "0" or delete the key. 4. Save the changes and close the file. 5. Restart the adminUI by running the following command: ${IMSS_HOME}/script/S99ADMINUI restart Enhancement 2: This hotfix enables IMSS to support Japanese (double-byte characters) keywords in the "Policy > Policy Objects > Keywords & Expressions" page. [Hotfix 1357] Issue 1: The term "splitted file name" appears in InterScan Messaging Security Suite (IMSS) logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix corrects the typographical error so "split file name" displays on IMSS logs. Issue 2: IMSS stops processing email messages unexpectedly. When this happens, email messages are reprocessed only after restarting IMSS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that IMSS processes email messages normally. Issue 3: When IMSS rewrites long URLs, some long URLs may appear broken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that IMSS can rewrite long URLs correctly. Enhancement 1: Boeing DB search tool for IMSS 7.1 needs to be updated for use with IMSS 9.1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: This hotfix adds the Boeing DB search tool in IMSS 9.1. Enhancement 2: This hotfix enables IMSS to support Trend Micro Email Security (TMEMS) migration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: Procedure 1: To enables IMSS to support TMEMS migration: 1.Install this hotfix (see "Installation"). 2.Insert two records into the IMSS database by running the following SQL statements: insert into tb_global_setting (section, name, value, inifile) values ('imp_exp', 'enable_ems_migrate', '1', 'imss.ini'); [Hotfix 1347] Issue 1: RHEL 8.0 is supported on IMSS 9.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix fixed some bug to support RHEL 8.0 on IMSS 9.1 Issue 2: IMSS users can connect the database using the psql tool without "sa" password after IMSS 9.1 Patch 1 is installed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix fix the issue. Issue 3: imssd didn't start when the anti-spam pattern got updated at 23:00. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix upgrade process imsstask to fix this issue Issue 4: The default value of RetryCount ("1") is too small for the logs failing to be sent to the TMCM server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix updated the default value of retryCount to 4. Enhancement 1: IMSS cannot derive the sender and recipient addresses from the Sender Filtering detection if the SMTP connection is encrypted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: This hotfix provides the solution by changing foxproxy filter mode and postfix relevant configure. [Hotfix 1345] Issue 1: Sometimes, the Policy Service uses up a large amount of CPU resources on the InterScan Messaging Security Suite (IMSS) server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix optimized some mechanisms in the IMSS server program to resolve this issue. Issue 2: The following error message is generated while IMSS processes email messages. "[NORMAL]Fail to extract text, errcode:0x81d11318, textExtracted.nVecSize:0, filetype:6015" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves the error so that IMSS can process email messages normally. Issue 3: A critical patch for Patch 1 that has been applied to a parent IMSS first cannot be applied to a child IMSS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that updates can be applied successfully on IMSS child devices. Issue 4: The IMSSD process encounters a memory leak issue when it uses eManager(TM) to scan certain special samples. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix prevents the memory leak by enabling IMSS to reset the "errcode" parameter to zero after calling the eManager API to resolve an error. Issue 5: Administrators cannot flush the Postfix queues after applying Patch 1 Build 1335. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix ensures that administrators can flush the Postfix queues normally. Issue 6: A user requests for certain updates on Web Reputation Service (WRS) logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix applies the updates on WRS logs. Enhancement 1: This hotfix enables IMSS to supports Active Update through HTTPS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable Active Update through HTTPS: NOTE: The default setting in EN version for this hotfix is HTTPS. 1. Install this hotfix (see "Installation"). 2. Connect to the IMSS database by running the following command. /opt/trend/imss/PostgreSQL/bin/psql imss sa 3. Update the values of the "UpdateServer" and "TMASEServerurl" parameters in the "tb_global_setting" table by running the following SQL commands. UPDATE tb_global_setting SET value = 'https://imss91-p.activeupdate.trendmicro.com/acti veupdate' WHERE section = 'Update' AND (name = 'UpdateServer' OR name = 'TMASEServerurl' ); 4. Quit the psql program by running the following command. \q 5. Run the following command in the IMSS backend: /opt/trend/imss/script/imssctl.sh restart [Hotfix 1341] Issue 1: A buffer overflow issue causes the imssd process to stop unexpectedly while uploading an email with a long subject containing characters that require URL-encoding. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue by updating the output length checking mechanism for email subject URL encoding. Issue 2: A web console issue prevents users from configuring the keyword list setting successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves the issue. Issue 3: The "Log Query" page does not display any information if users input wildcard characters in the "Recipient" field. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that the field can support wildcard characters. Issue 4: The Proxy Server information is limited to 64 characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix extends the limit to 128 characters. Issue 5: Some messages received by InterScan Messaging Security Suite (IMSS) may be delayed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix disables the Policy BCC action enhancement in the default configuration to resolve the issue. [Hotfix 1330] Issue 1: Under certain extreme scenarios, the InterScan Messaging Security Suite (IMSS) End User Quarantine (EUQ) service may not be able to retrieve some settings from the database because the database is not ready. Once this happens, the EUQ service applies the "Use LDAP for EUQ authentication" setting by default. If the "Use SMTP Server for EUQ authentication" setting is enabled, the end user will not be able to login to the EUQ service until the service restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix creates a pid file that enables the manager to restart the EUQ service under the scenario described above. Issue 2: After updating to IMSS 9.1, IMSS may take a long time to reprocess email messages from the quarantine queue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: To apply the changes: 1. Install this hotfix (see "Installation"). 2. Insert a record into the IMSS database by running the following SQL statement: insert into tb_global_setting (section, name, value, inifile) values('general','policy_evt_log_lock', '0', 'imss.ini') 3. Run the following command in the IMSS backend: /opt/trend/imss/script/imssctl.sh restart Issue 3: The IMSSqueue monitor thread may calculate the archive and quarantine sizes incorrectly and will be triggered to notify the administrator that the queue is almost full. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that IMSS calculates the queue size correctly. Issue 4: Web Reputation Service (WRS) queries are sent without the product GUID. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix adds the product GUID information in WRS queries. Issue 5: Foxproxy may stop unexpectedly when the activation code is invalid and the default installation path is changed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix resolves the issue. 8. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. https://www.trendmicro.com/en_us/contact.html NOTE: This information is subject to change without notice. 9. About Trend Micro ======================================================================== Smart, simple, security that fits. As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2021, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners. 10. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide