<> Trend Micro Incorporated September 8, 2019 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ScanMail(TM) (for Microsoft(TM) Exchange(TM)) 14 Patch 1 Build 1334 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/Service Pack release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About ScanMail (for Microsoft Exchange) 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About ScanMail (for Microsoft Exchange) ====================================================================== ScanMail protects Exchange Server 2019, Exchange Server 2016, and Exchange Server 2013. Use the ScanMail installation program to quickly install ScanMail to one or more, local or remote, Exchange servers. Once installed, ScanMail can protect your servers in real time against viruses/malware, Trojans, worms, and spyware/grayware. ScanMail sustains business and network integrity by screening out spam messages and messages containing undesirable or unwanted content. ScanMail monitors and protects sensitive information that is traveling across your network. 1.1 Overview of This Release =================================================================== ScanMail (for Microsoft Exchange) 14 Patch 1 consolidates all solutions to issues resolved after the release of ScanMail (for Microsoft Exchange) 14. 1.2 Who Should Install This Release =================================================================== You should install this Patch if you are currently running ScanMail (for Microsoft Exchange) 14. 2. What's New ====================================================================== NOTE: Please install the Patch before completing any procedures in this section (see "Installation"). This patch addresses the following issues and includes the following enhancements: 2.1 Enhancements =================================================================== The following enhancements are included in this release: Enhancement 1: [SEG-52055] Attachment Blocking Filter and Virtual Analyzer - This patch enables users to configure ScanMail to detect PDF files with embedded scripts through the attachment blocking filter settings and in Virtual Analyzer. Enhancement 2: Approved List - This patch provides global approved list feature to enable ScanMail to bypass all scanning for specific senders and recipients. Enhancement 3: [SEG-42090] Security Risk Filter - This patch allows users to create an approved list of file extension name(s) such as "jretk" for the Security Risk filter. Enhancement 4: TrendX - This patch enables ScanMail to support Signature extraction in TrendX. Enhancement 5: ScanMail Configuration - This patch migrates some common hidden keys to the web console to allow users to configure the related feature from the ScanMail web console. Enhancement 6: Data Loss Prevention Template - This patch updates the Data Loss Prevention(TM) (DLP) template to version 3.1.1036. Enhancement 7: [SEG-45978] [SEG-52236] [Hotfix 2041] Content Violation Logs - This patch enables ScanMail to send unscannable message parts logs to Trend Micro Control Manager(TM). These logs will appear under Content Violations logs. NOTE: For the solution to work, you need to apply "tmcm_70_patch1_win_en_hfb3097.zip" onto Control Manager 7 first. The hotfix can be downloaded from the following link: https://fix-int.trendmicro.com/product/10/release/429/hotfix/9828 Enhancement 8: [SEG-47536] [Hotfix 2046] Log Queries - ScanMail uses the Envelope Sender of an email message as the Mail Sender in some features and stores this information in the database. This means that Envelop Sender will appear as the sender information in Log Query results. This patch provides an option for users to configure ScanMail to use and store the address from the "From" header for the sender information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To configure this feature: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: UseHeaderSenderInLog Type: REG_DWORD Data value: "1" = ScanMail uses and stores the information in the "From" header as the mail sender "0" = ScanMail uses and stores the envelope sender of an email message as the mail sender(default) 4. Restart the ScanMail service. Enhancement 9: [SEG-54685] [JP Hotfix 2641] Email Scans - ScanMail cannot scan deleted email messages in the Recoverable Folder in Exchange 2013 and Exchange 2016. This patch provides an option to configure ScanMail to scan deleted email messages in the Recoverable Folder. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 9: To configure this feature: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Locate the following key and set the preferred value: Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion Key: SkipScanDeletedRecoverableFolder Type: REG_DWORD Data value: "1" = ScanMail does not scan deleted email messages in the Recoverable Folder(default) "0" = ScanMail scans deleted email messages in the recoverable folder 4. Restart the ScanMail service. 2.2 Resolved Known Issues =================================================================== This release resolves the following issues: Issue 1: [SEG-50638] [Hotfix 1311] The System Watcher service closes immediately after starting or restarting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch ensures that the System Watcher service runs normally. Issue 2: [SEG-51208] [Hotfix 1310] Users encounter the following issues while running a Quarantine Query on a remote server(s): (1) After users delete a message from the quarantine folder using the "Delete" button, the confirmation pop up and progress bar appear, but the message remains in the query results and in the quarantine folder. (2) If a query returns multiple pages of results, clicking the next page arrow resets the page view. (3) When users click the "Search", "Delete" or "Resend" button, the "Selected Server(s)" and "Available Server(s)" lists are displayed empty. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch resolves the issues above. Issue 3: [SEG-47942] [Hotfix 2037] When users send time-of-click (TOC) log queries to remote servers and filter results by URL, the query results still display all TOC logs, but those sent to local servers can filter the results normally. This happens because the URL filter is not carried to the remote server so remote servers respond with all TOC logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch adds the URL parameter in the remote query function to resolve this issue. Issue 4: [SEG-47788] Exchange email messages cannot be detected as internal messages so that system email messages are sent to Trend Micro Deep Discovery Analyzer for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch prevents ScanMail from sending system- generated email messages to Deep Discovery Analyzer. Issue 5: [SEG-43197] Manual Scan takes a long time to complete when the "Scan messages that have not been scanned" option is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch ensures that manual scans run normally with the option. Issue 6: [SEG-48122] [Hotfix 2040] ScanMail may encounter a mail loop issue when the "Submit email messages to Virtual Analyzer" option is enabled simultaneously with the URL rewrite feature. This happens when ScanMail cannot verify if the URL has already been rewritten or not, and keeps attempting to rewrite the URL. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch resolves this known issue. Issue 7: [SEG-42320] [Hotfix 1823] An issue prevents ScanMail for Microsoft Exchange from running certain database operations that contain datetime information on some Microsoft Windows(TM) platforms. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch resolves the issue by changing the datetime format in the affected database operations. Issue 8: [SEG-48497] [Hotfix 2045] Users cannot delete items from a mailbox using the Search & Destroy function because certificate validation by EWS Managed API is not successful. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch ensures that certificate validation by EWS Management API completes successfully. Issue 9: [SEG-53244] [Hotfix 2045] The TrendMicro Site Safety Center URL "http://reclassify.wrs.trendmicro.com" in the "Web Reputation Filter" page of the ScanMail web console cannot be accessed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch updates the TrendMicro Site Safety Center URL on the page to "https://global.sitesafety.trendmicro.com". Issue 10: [SEG-52663] The "Take action on unrated URLs" option in the Web Reputation settings is disabled automatically when the "Enable URL Analysis" option is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch ensures that the "Take action on unrated URLs" option in the Web Reputation settings can be enabled successfully when the "Submit email messages to Virtual Analyzer" or "Enable URL Analysis" is disabled. Issue 11: [SEG-53238] [Hotfix 1321] The ScanMail 14 Online Help page redirects to ScanMail 12.5 pages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch ensures that the Online Help page redirects to the correct pages. NOTE: Clear your browser cache and log in to ScanMail again after applying this patch. Issue 12: [SEG-51440] [Hotfix 2044] A URL extracted from an email message with text/plain content type but is in RTF format may not contain the "\line" RTF flag and may be rewritten. When this happens, the email message will not display correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch enables ScanMail to correctly identify that a plain text email message that starts with an RTF flag is in RTF format. This allows ScanMail to skip rewriting URLs in this kind of email messages. Issue 13: [SEG-51783] The DLP policy exception does not work if other non-exception addresses are listed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch resolves the issue by adding a boundary match and a condition to decide whether to retrieve the recipient information from an email message. Issue 14: [SEG-57951] The following issues have been discovered in ScanMail: 1. The following System Event settings cannot be replicated through the "Server Management" page of the web console or through Control Manager. - Predictive Machine Learning service was - Writing Style service was 2. The "Apply All" button on the Notification Settings section of the Administration web console does not work on the following alert settings: - System Event Predictive Machine Learning service was - Writing Style service was ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch ensures that both System Event settings can be replicated through the "Server Management" page and the Control Manager web console. This patch also ensures that the "Apply All" button works on both alert settings. 3. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange). To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying ScanMail (for Microsoft Exchange). - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange). - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ====================================================================== There are no changes to the system requirements in the ScanMail (for Microsoft Exchange) 14 readme file. 5. Installation ====================================================================== This section explains key steps for installing. - This Patch supports remote and multi-server deployment. - This Patch automatically restarts the following services on both Normal and Cluster Servers: - ScanMail (for Microsoft Exchange) Master Service - ScanMail (for Microsoft Exchange) Remote Configuration Server - ScanMail (for Microsoft Exchange) System Watcher - ScanMail EUQ Monitor - Microsoft Exchange Transport - MOM service - HealthService service - To install or uninstall this Patch, you must have at least local administrator and domain user privileges. 5.1 Installing =================================================================== To install: 1. Log on using an account with local administrator and domain privileges. 2. Run "smex_140_win_en_b1334.exe" and select "Install". The framework automatically installs the Patch to the appropriate directory, replaces the outdated files, and updates the database. The "Successfully completed" count increases upon the completion of the installation. 3. Clear the browser cache and re-launch the browser. 5.2 Uninstalling =================================================================== To roll back to the previous build, run "smex_140_win_en_b1334.exe" and select "uninstall". The framework automatically rolls back to the previous build and a confirmation message indicating a successful uninstallation is displayed on the setup screen. 6. Post-Installation Configuration ====================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ====================================================================== There are no known issues in this release. 8. Release History ====================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download ScanMail 12.0 for Microsoft Exchange March 2016 ScanMail 12.0 for Microsoft Exchange Service Pack 1 November 2016 ScanMail 12.5 for Microsoft Exchange November 2017 ScanMail 12.5 for Microsoft Exchange Service Pack 1 August 2018 ScanMail 14.0 for Microsoft Exchange June 2019 9. Files Included in This Release ====================================================================== This is a full package release. Detail files list refer to ScanMail (for Microsoft Exchange) 14 installation package. 10. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2019, Trend Micro Incorporated. All rights reserved. Trend Micro, ScanMail, Control Manager, Data Loss Prevention, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide