<> Trend Micro Incorporated December 12, 2019 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ScanMail(TM) for Microsoft(TM) Exchange(TM) 14 Patch 2 Build 3006 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/Service Pack release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About ScanMail (for Microsoft Exchange) 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About ScanMail (for Microsoft Exchange) ====================================================================== ScanMail protects Exchange Server 2019, Exchange Server 2016, and Exchange Server 2013. Use the ScanMail installation program to quickly install ScanMail to one or more, local or remote, Exchange servers. Once installed, ScanMail can protect your servers in real time against viruses/malware, Trojans, worms, and spyware/grayware. ScanMail sustains business and network integrity by screening out spam messages and messages containing undesirable or unwanted content. ScanMail monitors and protects sensitive information that is traveling across your network. 1.1 Overview of This Release =================================================================== ScanMail (for Microsoft Exchange) 14 Patch 2 consolidates all solutions to issues resolved after the release of ScanMail for Microsoft Exchange 14 build. 1.2 Who Should Install This Release =================================================================== You should install this Patch if you are currently running ScanMail (for Microsoft Exchange) 14 build. 2. What's New ====================================================================== NOTE: Please install the Patch before completing any procedures in this section (see "Installation"). This patch addresses the following issues and includes the following enhancement: 2.1 Enhancements =================================================================== The following enhancements are included in this release: Enhancement 1: [SEG-60644][SEG-63413] This patch enables administrator to configure the type of unscannable message log ScanMail sends to Trend Micro Control Manager (TMCM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To configure this feature: 1. Install this patch (see "Installation"). 2. Open Registry Editor. a. Locate the following key and set the preferred values as follows: - Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion - Key: SkipSendUnscannableMessageLogToCM - Type: REG_DWORD - Data value: - "0" = enable ScanMail to send unscannable message parts log to Control Manager (default). - "1" = disable ScanMail to send unscannable message parts log to Control Manager. Note: If SkipSendUnscannableMessageLogToCM is set to 1, skip step b. b. If SkipSendUnscannableMessageLogToCM is not configured or set to 0, locate the following key and set the preferred value: - Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion - Key:UnsupportMessageTypesSendToCM - Type: REG_SZ - Data value: - "1;2;3;4" = (default) ScanMail sends all types of unscannable message logs to Trend Micro Control Manager. NOTE: Seperate unscannable mesage log type by a semi-colon (;) - 1 represents "Encrypted email messages". - 2 represents "Encrypted and password protected files". - 3 represents "Files outside of scan restriction criteria". - 4 represents "Unsupported or corrupted files" 3. Restart the ScanMail service. Enhancement 2: This patch enables ScanMail to integrate with Trend Micro Cloud App Security to provide visibility of policy violation logs from one or more ScanMail servers on Cloud App Security. 2.2 Resolved Known Issues =================================================================== This release resolves the following issues: Issue 1: [SEG-58468][Hotfix 1335] Hebrew file names do not display correctly in the Deep Discovery Analyzer web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: When attachment file names are encoded in base64, wide characters are transformed to UTF-8 before encoding. However, during base64 decoding, the function that transforms multibyte characters to wide characters is called instead of the one that transforms UTF-8 characters to wide characters. As a result, Hebrew file names cannot be displayed correctly in the Deep Discovery Analyzer web console. This patch ensures that the correct function, that transforms UTF-8 to wide characters, is called while decoding attachment file names in base64, and thus display the Hebrew file names correctly. Issue 2: [SEG-62061][Hotfix 1337] TrendX scan results on the ScanMail for Exchange console may not contain information on viruses detected in OLE layers because the scan results are released before the final scan results are recorded. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch ensures that TrendX scan results are released only after the final scan results are recorded, so that the viruses detected in OLE layers appear as detected using TrendX in scan results. Issue 3: [SEG-59825] When re-sending the email with original quarantined email as attachment, the quarantined email triggeres Advanced Spam Prevention rule, and as a result, the attachment becomes a document file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch resolves this known issue. Issue 4: [SEG-63222] The numbers of DDAN submissions are sometimes mismatched between the ScanMail web console and the DDAN web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This issue is caused by inappropriate handling method on 0 size attachment. This patch resolves this known issue. Issue 5: [VRTS-3703] Code Injection vulnerability in OpenSSL/libcurl is caused by a non-privileged user or program that can put code and a config file in a known non-privileged path and make cURL automatically run the code (as an OpenSSL "engine") on invocation. If that cURL is invoked by a privileged user, it can do anything that it is designed to perform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch updates Trend Micro common modules to fix this known issue. Issue 6: [SEG-59268] Trend Micro Apex Central(TM) identifies and searches for connected ScanMail servers using hostname only, and not by FQDN or IP address. However, this method is not ideal for large environments that contain several domains where some suffixes are not in the dns-suffix-search-list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch enables Apex Central to identify connected ScanMail servers using FQDN. 3. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange). To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying ScanMail (for Microsoft Exchange). - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ScanMail (for Microsoft Exchange). - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ====================================================================== There are no changes to the system requirements in the ScanMail (for Microsoft Exchange) 14 readme file. 5. Installation ====================================================================== This section explains key steps for installing. - This Patch supports remote and multi-server deployment. - This Patch automatically restarts the following services on both Normal and Cluster Servers: - ScanMail (for Microsoft Exchange) Master Service - ScanMail (for Microsoft Exchange) Remote Configuration Server - ScanMail (for Microsoft Exchange) System Watcher - ScanMail EUQ Monitor - Microsoft Exchange Transport - MOM service - HealthService service - To install or uninstall this Patch, you must have at least local administrator and domain user privileges. 5.1 Installing =================================================================== To install: 1. Log on using an account with local administrator and domain privileges. 2. Run "smex_140_win_en_patch2_b3006.exe" and select "Install". The framework automatically installs the Patch to the appropriate directory, replaces the outdated files, and updates the database. The "Successfully completed" count increases upon the completion of the installation. 3. Clear the browser cache and re-launch the browser. 5.2 Uninstalling =================================================================== To roll back to the previous build: - run "smex_140_win_en_patch2_b3006.exe" and select "uninstall"; The framework automatically rolls back to the previous build and a confirmation message indicating a successful uninstallation is displayed on the setup screen. 6. Post-Installation Configuration ====================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ====================================================================== There are no known issues in this release. 8. Release History ====================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download ScanMail 12.0 for Microsoft Exchange March 2016 ScanMail 12.0 for Microsoft Exchange Service Pack 1 November 2016 ScanMail 12.5 for Microsoft Exchange November 2017 ScanMail 12.5 for Microsoft Exchange Service Pack 1 August 2018 ScanMail 14.0 for Microsoft Exchange June 2019 ScanMail 14.0 for Microsoft Exchange Patch 1 September 2019 8.1 Patch 1 =================================================================== 8.1.1 Enhancements =================================================================== The following enhancements are included in this release: Enhancement 1: [SEG-52055] Attachment Blocking Filter and Virtual Analyzer - This patch enables users to configure ScanMail to detect PDF files with embedded scripts through the attachment blocking filter settings and in Virtual Analyzer. Enhancement 2: Approved List - This patch provides global approved list feature to enable ScanMail to bypass all scanning for specific senders and recipients. Enhancement 3: [SEG-42090] Security Risk Filter - This patch allows users to create an approved list of file extension name(s) such as "jretk" for the Security Risk filter. Enhancement 4: TrendX - This patch enables ScanMail to support Signature extraction in TrendX. Enhancement 5: ScanMail Configuration - This patch migrates some common hidden keys to the web console to allow users to configure the related feature from the ScanMail web console. Enhancement 6: Data Loss Prevention Template - This patch updates the Data Loss Prevention(TM) (DLP) template to version 3.1.1036. Enhancement 7: [SEG-45978] [SEG-52236] [Hotfix 2041] Content Violation Logs - This patch enables ScanMail to send unscannable message parts logs to Trend Micro Control Manager(TM). These logs will appear under Content Violations logs. NOTE: For the solution to work, you need to apply "tmcm_70_patch1_win_en_hfb3097.zip" onto Control Manager 7 first. The hotfix can be downloaded from the following link: https://fix-int.trendmicro.com/product/10/release/429/hotfix/9828 Enhancement 8: [SEG-47536] [Hotfix 2046] Log Queries - ScanMail uses the Envelope Sender of an email message as the Mail Sender in some features and stores this information in the database. This means that Envelop Sender will appear as the sender information in Log Query results. This patch provides an option for users to configure ScanMail to use and store the address from the "From" header for the sender information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To configure this feature: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Locate the following key and set the preferred value: - Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion - Key: UseHeaderSenderInLog - Type: REG_DWORD - Data value: - "0" = ScanMail uses and stores the envelope sender of an email message as the mail sender (default). - "1" = ScanMail uses and stores the information in the "From" header as the mail sender. 4. Restart the ScanMail service. Enhancement 9: [SEG-54685] [JP Hotfix 2641] Email Scans - ScanMail cannot scan deleted email messages in the Recoverable Folder in Exchange 2013 and Exchange 2016. This patch provides an option to configure ScanMail to scan deleted email messages in the Recoverable Folder. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 9: To configure this feature: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Locate the following key and set the preferred value: - Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion - Key: SkipScanDeletedRecoverableFolder - Type: REG_DWORD - Data value: - "1" = ScanMail does not scan deleted email messages in the Recoverable Folder (default). - "0" = ScanMail scans deleted email messages in the recoverable folder. 4. Restart the ScanMail service. 8.1.2 Resolved Known Issues =================================================================== This release resolves the following issues: Issue 1: [SEG-50638] [Hotfix 1311] The System Watcher service closes immediately after starting or restarting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch ensures that the System Watcher service runs normally. Issue 2: [SEG-51208] [Hotfix 1310] Users encounter the following issues while running a Quarantine Query on a remote server(s): - After users delete a message from the quarantine folder using the "Delete" button, the confirmation pop up and progress bar appear, but the message remains in the query results and in the quarantine folder. - If a query returns multiple pages of results, clicking the next page arrow resets the page view. - When users click the "Search", "Delete" or "Resend" button, the "Selected Server(s)" and "Available Server(s)" lists are displayed empty. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch resolves these knwon issues. Issue 3: [SEG-47942] [Hotfix 2037] When users send time-of-click (TOC) log queries to remote servers and filter results by URL, the query results still display all TOC logs, but those sent to local servers can filter the results normally. This happens because the URL filter is not carried to the remote server so remote servers respond with all TOC logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch adds the URL parameter in the remote query function to resolve this issue. Issue 4: [SEG-47788] Exchange email messages cannot be detected as internal messages so that system email messages are sent to Trend Micro Deep Discovery Analyzer for analysis. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch prevents ScanMail from sending system- generated email messages to Deep Discovery Analyzer. Issue 5: [SEG-43197] Manual Scan takes a long time to complete when the "Scan messages that have not been scanned" option is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch ensures that manual scans run normally with the option. Issue 6: [SEG-48122] [Hotfix 2040] ScanMail may encounter a mail loop issue when the "Submit email messages to Virtual Analyzer" option is enabled simultaneously with the URL rewrite feature. This happens when ScanMail cannot verify if the URL has already been rewritten or not, and keeps attempting to rewrite the URL. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch resolves this known issue. Issue 7: [SEG-42320] [Hotfix 1823] An issue prevents ScanMail for Microsoft Exchange from running certain database operations that contain datetime information on some Microsoft Windows(TM) platforms. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch resolves the issue by changing the datetime format in the affected database operations. Issue 8: [SEG-48497] [Hotfix 2045] Users cannot delete items from a mailbox using the Search & Destroy function because certificate validation by EWS Managed API is not successful. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch ensures that certificate validation by EWS Management API completes successfully. Issue 9: [SEG-53244] [Hotfix 2045] The TrendMicro Site Safety Center URL "http://reclassify.wrs.trendmicro.com" in the "Web Reputation Filter" page of the ScanMail web console cannot be accessed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch updates the TrendMicro Site Safety Center URL on the page to "https://global.sitesafety.trendmicro.com". Issue 10: [SEG-52663] The "Take action on unrated URLs" option in the Web Reputation settings is disabled automatically when the "Enable URL Analysis" option is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch ensures that the "Take action on unrated URLs" option in the Web Reputation settings can be enabled successfully when the "Submit email messages to Virtual Analyzer" or "Enable URL Analysis" is disabled. Issue 11: [SEG-53238] [Hotfix 1321] The ScanMail 14 Online Help page redirects to ScanMail 12.5 pages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch ensures that the Online Help page redirects to the correct pages. NOTE: Clear your browser cache and log in to ScanMail again after applying this patch. Issue 12: [SEG-51440] [Hotfix 2044] A URL extracted from an email message with text/plain content type but is in RTF format may not contain the "\line" RTF flag and may be rewritten. When this happens, the email message will not display correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch enables ScanMail to correctly identify that a plain text email message that starts with an RTF flag is in RTF format. This allows ScanMail to skip rewriting URLs in this kind of email messages. Issue 13: [SEG-51783] The DLP policy exception does not work if other non-exception addresses are listed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch resolves the issue by adding a boundary match and a condition to decide whether to retrieve the recipient information from an email message. Issue 14: [SEG-57951] The following issues have been discovered in ScanMail: 1. The following System Event settings cannot be replicated through the "Server Management" page of the web console or through Control Manager. - Predictive Machine Learning service was - Writing Style service was 2. The "Apply All" button on the Notification Settings section of the Administration web console does not work on the following alert settings: - System Event Predictive Machine Learning service was - Writing Style service was ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch ensures that both System Event settings can be replicated through the "Server Management" page and the Control Manager web console. This patch also ensures that the "Apply All" button works on both alert settings. 9. Files Included in This Release ====================================================================== This is a full package release. Detail files list refer to ScanMail (for Microsoft Exchange) 14 installation package. 10. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2019, Trend Micro Incorporated. All rights reserved. Trend Micro, ScanMail, Control Manager, Data Loss Prevention, OfficeScan, eManager and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide