Trend Micro, Inc.                                         June 16, 2022
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) ScanMail(TM) (for Microsoft(TM) Exchange) Version 14.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Note: This readme file was current as of the date above. However, all
      customers are advised to check the Trend Micro website for
      documentation updates at:

      http://docs.trendmicro.com/en-us/enterprise/scanmail-for-microsoft-exchange.aspx

Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro website. Register during installation or online at:

      http://olr.trendmicro.com/

Contents
===================================================================
   1.  About ScanMail for Microsoft Exchange
       1.1 Overview of this Release
       1.2 Who Should Install this Release
   2.  What's New
       2.1 Resolved Issues in 14.0 Repack 1
       2.2 New Features and Enhancements in 14.0
       2.3 Resolved Issues in 14.0
   3.  Documentation Set
   4.  System Requirements
   5.  Installation/Uninstallation
       5.1 Installation Notes
   6.  Post-installation Configuration
   7.  Troubleshooting
   8.  Known Issues
   9.  Release History
   10. Contact Information
   11. About Trend Micro
   12. License Agreement
===================================================================


1. About ScanMail for Microsoft Exchange
========================================================================
ScanMail protects Exchange Server 2019, Exchange Server 2016, and
Exchange Server 2013. Use the ScanMail installation program to quickly
install ScanMail to one or more, local or remote, Exchange servers.

Once installed, ScanMail can protect your servers in real time against
viruses/malware, Trojans, worms, and spyware/grayware. ScanMail
sustains business and network integrity by screening out spam messages
and messages containing undesirable or unwanted content.
ScanMail monitors and protects sensitive information that is travelling
across your network.

   1.1 Overview of this Release
   =====================================================================
   Version 14.0 release fully supports protection for Microsoft
   Exchange Server 2019. This release enables ScanMail to send security
   risk, policy violation, spam and audit logs to the popular Security
   Information and Event Management (SIEM) platforms. It also enables
   administrators to view summary data and graph for the last 30 days
   by default.

   Additionally, this service pack fully supports:

   - .Net Framework 4.7.2 or 4.8
   - Cumulative Update 12 for Exchange Server 2019
   - Cumulative Update Package 13 for SQL Server 2017

   1.2 Who Should Install this Release
   =====================================================================
   Administrators currently running Exchange 2019, Exchange 2016 or
   Exchange 2013 can install this release.


2. What's New
========================================================================

   2.1 Resolved Issues in 14.0 Repack 1
   =====================================================================
   - Resolved DLL Hijacking in Installer File
     ===================================================================
     While launching the installation file, this version of ScanMail
     makes sure that the correct system DLL file is loaded instead of
     a fake DLL file.

   2.2 New Features in 14.0
   =====================================================================
   This release includes the following new features:

   2.2.1 Exchange Server 2019 support
   ===================================================================
   This version of ScanMail fully supports protection for Microsoft
   Exchange Server 2019 running on Windows Server 2019 or Windows
   Server 2022.

   2.2.2 Log forwarding to SIEM
   ===================================================================
   This version of ScanMail can send security risk, policy violation,
   spam and audit logs to the popular Security Information and Event
   Management (SIEM) platforms.

   2.2.3 Flexible view for Summary data and graph
   ===================================================================
   This version of ScanMail enables administrators to view Summary
   data and graphs for the last 30 days by default, or for the last
   7 days or today. The previous version showed today only.

   2.2.4 URL Time-of-Click Protection for specific recipients
   ===================================================================
   This version of ScanMail enables administrators to add specific
   recipients as URL Time-of-Click protection targets.

   2.2.5 Performance tuning according to server hardware configuration
   ===================================================================
   This version of ScanMail has enhanced performance to support servers
   with large memory, such as 128GB or 256GB. The ScanMail scanning
   thread number is tuned automatically during ScanMail installation.

   NOTE: You will need to add the ApplicationImpersonation privilege
         for the ScanMail Windows domain account. To add this
         privilege, run the following in Exchange PowerShell:

         New-ManagementRoleAssignment -Name:SmexImpersonation -Role:ApplicationImpersonation -User:UserName

   2.3 Product Enhancements
   =====================================================================
   This release includes the following new enhancements:

   - 2.3.1 Block password protected email attachment
     ===================================================================
     This version of ScanMail can block password protected Microsoft
     Office documents and compressed files.
     [Hotfix: hfb2030-12.5 SP1 EN]

   - 2.3.2 Add login failure audit log
     ===================================================================
     This version of ScanMail logs login failure events.
     ScanMail administrators can query the login failure event log.

   - 2.3.3 Show last refresh time in Server Groups page
     ===================================================================
     This version of ScanMail provides the last refresh time in the
     Server Groups page.

   - 2.3.4 Send unscannable Message Information to Control Manager
     ===================================================================
     This version of ScanMail ensures that ScanMail for Microsoft
     Exchange sends unscannable Message Information to Control Manager.
     [Hotfix: hfb2025-12.5 SP1 EN]

   2.4 Resolved Issues in 14.0
   =====================================================================
   - This version of ScanMail fixes the Control Manager Agent offline
     issue that occurs if ScanMail_Master restarts unexpectedly.

   - This version of ScanMail resolves the settings replication issue,
     so that ScanMail replicates Internal Domains and Advanced Spam
     Prevention settings to other ScanMail target servers.
     [Hotfix: hfb2033-12.5 SP1 EN]

   - This version of ScanMail ensures that users can access the
     "Writing Style Training Settings" page normally when they log on
     to ScanMail using the "Logon with domain credentials" option.
     [Hotfix: hfb2033-12.5 SP1 EN]

   - This version of ScanMail removes the duplicate options from the
     drop-down list on the "Scheduled Scan Task" page.
     [Hotfix: hfb2033-12.5 SP1 EN]

   - This version of ScanMail improves the cache mechanism in ScanMail
     to ensure that file locks are released correctly when it
     encounters an exception.
     [Hotfix: hfb2032-12.5 SP1 EN]
     [Hotfix: hfb2024-12.5 SP1 EN]

   - This version of ScanMail fixes the issue that the Exchange
     submission queue fills up during a TMASE pattern update.
     [Hotfix: hfb2029-12.5 SP1 EN]

   - This version of ScanMail resolves the issue that the attachments
     may remain in "Being Analyzed" status when an email has been
     flagged as new born Spam and its suspicious file attachments have
     been sent to Trend Micro Deep Discovery Analyzer.
     [Hotfix: hfb2023-12.5 SP1 EN]

   - This version of ScanMail ensures that ScanMail can replicate
     internal domains to other ScanMail target servers through the
     "Server Management" page or from the Control Manager server
     successfully.
     [Hotfix: hfb2021-12.5 SP1 EN]

   - This version of ScanMail resolves the issue that ScanMail does not
     send its Product License Information to Control Manager(TM).
     [Hotfix: hfb2020-12.5 SP1 EN]

   - This version of ScanMail resolves the issues caused by updating
     engine files from the Control Manager ActiveUpdate (AU) site
     without a version check, which allowed an old version of the
     engine file to be downloaded.
     [Hotfix: hfb2019-12.5 SP1 EN]

   - This version of ScanMail ensures that the IIS setting "nosniff"
     option can be enabled in IIS HTTP Response Headers without issues.
     [Hotfix: hfb2016-12.5 SP1 EN]

   - This version of ScanMail fixes the issue that the inbound
     disclaimer is added to an email message every time a manual or
     scheduled scan runs.
     [Hotfix: hfb2015-12.5 SP1 EN]

   - This version of ScanMail provides an option to configure ScanMail
     to retrieve the EWS Virtual Directory from the Active Directory
     Domain Services (AD DS). This solution can prevent ScanMail from
     getting messages from distant Exchange servers.
     [Hotfix: hfb2013-12.5 SP1 EN]

     Procedure:
     To configure this option:

     a. Open the Registry Editor.
     b. Add or locate the following key and set the preferred value:

        Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
        Key: GetWebServicesVirtualDirectoryThroughAD
        Type: REG_DWORD
        Data value:
          "1" = ScanMail will retrieve the virtual directory
                properties from the AD DS.
          "0" = ScanMail will retrieve virtual directory properties
                from the Internet Information Services (IIS) metabase.

   - This version of ScanMail resolves the issue that Master Service
     stops unexpectedly when it receives a buffer from another module
     and the buffer size is "0".
     [Hotfix: hfb2012-12.5 SP1 EN]

   - This version of ScanMail resolves the issue that ScanMail could
     not download the pattern "Anti-spam Pattern (Enhanced)" from
     Control Manager.
     [Hotfix: hfb2010-12.5 SP1 EN]

   - This version of ScanMail resolves the issue that resending
     quarantined email failed. This issue occurs because the Exchange
     server automatically changes the email's Message-ID when it does
     not match the sender's domain.
     [Hotfix: hfb2009-12.5 SP1 EN]

     Procedure:
     To configure this option:

     a. Open the Registry Editor.
     b. Add or locate the following key and set the preferred value:

        Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
        Key: SkipResendMessageIdCheck
        Type: REG_DWORD
        Data value:
          "1" = ScanMail skips Message-ID checking for quarantined
                email messages that are resent as original email
          "0" = ScanMail checks Message-ID of quarantined email
                messages that are resent as original email message

     c. Restart the ScanMail service.

   - This version of ScanMail resolves the issue that a certificate
     error from the customer's proxy server prevents users from
     enabling Predictive Machine Learning (PML).
     [Hotfix: hfb2006-12.5 SP1 EN]

     Procedure:
     To disable the verify peer option for TrendX:

     a. Open the Registry Editor.
     b. Add or locate the following key and set it to "0".

        * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
        * Key: VerifyPeerForTrendX
        * Type: REG_DWORD
        * Data values:
          1: enables verify peer option for TrendX (default)
          0: disables the verify peer option for TrendX

     c. Restart the ScanMail for Microsoft Exchange Master Service.
     d. Log on to the ScanMail for Microsoft Exchange console and
        enable PML.

   - This version of ScanMail resolves an issue that could prevent
     ScanMail from resending quarantined email messages that were
     queried from remote servers.
     [Hotfix: hfb2003-12.5 SP1 EN][Hotfix: hfb1818-12.0 SP1 Patch 3]

   - This version of ScanMail enables ScanMail for Microsoft Exchange
     to replace invalid characters in file names, for example ":" and
     "|", with a space character " " to prevent the parsing error.
     [Hotfix: hfb2001-12.5 SP1 EN]

   - This version of ScanMail provides a way to configure ScanMail to
     skip taking the action on samples that could not be scanned by
     the VSAPI or ATSE engine.
     [Hotfix: hfb2636-12.5 SP1 JP]

     Procedure:
     To configure InterScan to skip the "Files outside of scan
     restriction criteria" action when VSAPI or ATSE returns a
     "BAD_ZIP_ERR" or "NO_SUPP_ERR" error code while scanning a sample:

     a. Open the Registry Editor.
     b. Add or locate the following key and set the value to the
        specific error code or codes separated by a semi-colon:

        Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
        Key: VSAPISkipError
        Type: REG_SZ
        Data value: -82;-91
                    (-82: BAD_ZIP_ERR; -91: NO_SUPP_ERR)

   - This version of ScanMail ensures that the Automatic Quarantine
     Maintenance and Automatic Report Maintenance functions work
     normally.
     [Hotfix: hfb2024-12.5 SP1 JP][Hotfix: hfb2002-12.5 SP1 EN]

   - This version of ScanMail enables Virtual Analyzer to work with
     ATSE 11.x.
     [Hotfix: hfb1819-12.0 SP1 Patch 3 EN][Hotfix: hfb2011-12.5 SP1 EN]

   Note: The registry hidden keys in ScanMail are available at the
         following location:
         https://success.trendmicro.com/solution/1114148


3. Documentation Set
========================================================================
   o  Readme.txt -- basic installation, known issues, release history
      and contact information

   o  Administrator's Guide -- product overview, configuration
      instructions, and detailed information for managing the product
      environment.
      Electronic versions of the printed manuals are available at:

      http://docs.trendmicro.com/en-us/enterprise/scanmail-for-microsoft-exchange.aspx

   o  Installation Guide -- A PDF document containing product
      requirements, deployment planning, installation instructions and
      other information intended to get you "up and running."

   o  Online help -- Context-sensitive help screens that provide
      guidance for performing a task.


4. System Requirements
========================================================================
To install ScanMail with Microsoft Exchange Server 2019:

   Processor
   ---------
   - Intel processor that supports Intel 64 architecture (formerly
     known as Intel EM64T)
   - AMD processor that supports the AMD64 platform

   Memory
   ------
   - 4GB RAM (Exclusively for ScanMail)

   Disk space
   ----------
   - 5GB free disk space

   Operating System
   ----------------
   - Microsoft Windows Server 2022 Standard or Datacenter
   - Microsoft Windows Server 2019 Standard or Datacenter

   Note: For ScanMail deployment on Server Core edition, Trend Micro
         recommends running the installation package on Windows Server
         with the Desktop Experience feature and deploying ScanMail
         remotely.

   Mail Server
   -----------
   - Microsoft Exchange Server 2019

   Web Server
   ----------
   - Microsoft Internet Information Services (IIS) 10.0

   Browser
   -------
   - Microsoft Internet Explorer 7.0 or later
   - Mozilla Firefox 3.0 or later

   MSXML
   -----
   MSXML 4.0 SP2 or above

   .NET Framework
   --------------
   - .NET framework 4.7.2 or 4.8

To install ScanMail with Microsoft Exchange Server 2013 Service Pack 1
or later versions, including Exchange Server 2016:

   Processor
   ---------
   - x64 architecture-based computer with Intel processor that supports
     Intel 64 architecture (formerly known as Intel EM64T)
   - AMD processor that supports the AMD64 platform

   Memory
   ------
   - 1GB RAM (2GB RAM recommended) (Exclusively for ScanMail)

   Disk space
   ----------
   - 5GB free disk space

   Operating System
   ----------------
   - Windows Server 2016 Standard or Datacenter
   - Windows Server 2012 R2 Standard or Datacenter
   - Windows Server 2012 Standard or Datacenter
   - Windows Server 2008 R2 Standard with SP1
   - Windows Server 2008 R2 Enterprise with SP1

   Mail Server
   -----------
   - Microsoft Exchange Server 2013 SP1 or later version
   - Microsoft Exchange Server 2016

   Web Server
   ----------
   - Microsoft Internet Information Services (IIS) 10.0
   - Microsoft Internet Information Services (IIS) 8.5
   - Microsoft Internet Information Services (IIS) 8.0
   - Microsoft Internet Information Services (IIS) 7.5

   Browser
   -------
   - Microsoft Internet Explorer 7.0 or later
   - Mozilla Firefox 3.0 or later

   MSXML
   -----
   MSXML 4.0 SP2 or above

   .NET Framework
   --------------
   - .NET Framework 4.5 or later


5. Installation/Uninstallation
========================================================================

   5.1 Installation/Uninstallation Notes
   =====================================================================
   - Before performing a fresh installation of Trend Micro ScanMail
     (for Microsoft Exchange), ensure that the following role services
     for Web Server (IIS) are installed:

     - CGI role service
     - Default Document
     - Static Content
     - IIS 6 Management Compatibility

   - This version of ScanMail supports remote and multi-server
     deployment.

   - This version of ScanMail automatically restarts the following
     services on Exchange Servers:

     - ScanMail for Microsoft Exchange Master Service
     - ScanMail for Microsoft Exchange Remote Configuration Server
     - ScanMail for Microsoft Exchange System Watcher
     - ScanMail EUQ Monitor
     - Microsoft Exchange Transport Service
     - IIS Admin Service

   - To install/uninstall this release, the minimum privilege required
     is local administrator and domain user. When using the Search &
     Destroy or manual scan functions, the Organization Management
     privilege is also required for the installation/uninstallation of
     this release.

     Note: The installing account requires "log on as batch" or
           "log on as service" rights after turning on User Account
           Control (UAC).

   - This version supports silent installation; refer to the Trend
     Micro ScanMail (for Microsoft Exchange) Installation Guide for
     more details.

   - Run Setup.exe and select Install. The framework automatically
     installs on the appropriate directory, copies files, and installs
     the database. The "Successfully completed" count increases upon
     completion of the installation.

   - To uninstall this release, run Setup.exe and select uninstall.
     The framework automatically performs an uninstallation until the
     setup screen displays that the uninstallation was successful.
     Alternatively, uninstall the installation from the Control Panel.
     Refer to the Trend Micro ScanMail (for Microsoft Exchange)
     Installation Guide for detailed information.


6. Post-installation Configuration
========================================================================
   - Add the ScanMail web console URL to the Trusted sites list and
     ensure that the browser settings have JavaScript enabled for this
     site.

   - For better performance, Trend Micro recommends disabling the
     built-in anti-malware protection available in Exchange Server
     2013, Exchange Server 2016 and Exchange Server 2019.

   Note: Trend Micro recommends updating all components immediately
         after installing the product.


7. Troubleshooting
========================================================================

   7.1 Troubleshooting ScanMail Installations
   =====================================================================
   If any problems are encountered while installing ScanMail, collect
   debug logs and send them to Trend Micro to assist in discovering the
   root cause of the issue.

   Perform the following steps to collect debug logs:

   1. Open the folder %SYSTEMROOT%\temp (by default, c:\windows\temp)
   2. Collect the following files and send them to Trend Micro:

      - instSetupHelper.log
      - MsiExec.log
      - RIFRemoteInstallAgent.log
      - ScanMail_exeCustomActionWrapper.log
      - ScanMail_exeInstallAgent.log
      - ScanMail_exeTMPatchLauncher.log
      - ScanMail_SetupUI.log
      - Setup.log
      - SMEX_MsiInstall-SMEX.log

   3. Collect \SMEX_DatabaseCreation.log (by default,
      C:\Program Files\Trend Micro\Smex\SMEX_DatabaseCreation.log)

   7.2 Troubleshooting While Using ScanMail
   =====================================================================
   If problems are encountered while using ScanMail, collect debug logs
   and send them to Trend Micro to assist in discovering the root cause
   of the issue.

   The following steps enable debug logging:

   1. Log on to the ScanMail web console and click
      Administration -> Trend Support/Debugger.
   2. Select all the modules and click the Apply button.
   3. Reproduce the problem.
   4. Go to the ScanMail installation folder (by default,
      C:\Program Files\Trend Micro\Smex) and open the debug folder.
   5. Compress the folder and send it to Trend Micro.


8. Known Issues
========================================================================
   - N/A


9. Release History
========================================================================
   ScanMail 12.0 for Microsoft Exchange                   March 2016
   ScanMail 12.0 for Microsoft Exchange Service Pack 1    November 2016
   ScanMail 12.5 for Microsoft Exchange                   December 2017
   ScanMail 12.5 for Microsoft Exchange Service Pack 1    July 2018


10. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:

   http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
website.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, United States, and Canada,
refer to:

   http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link
in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


11. About Trend Micro
========================================================================
Trend Micro, Inc. provides centrally controlled server-based virus
protection and content-filtering products and services.
By protecting information that flows through Internet gateways, email
servers, and file servers, Trend Micro allows companies worldwide to
stop viruses and other malicious code from a central point before they
can reach the desktop.

Copyright 2019, Trend Micro, the Trend Micro t-ball logo, and ScanMail
are trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.


12. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be viewed
at:

   http://www.trendmicro.com/en/purchase/license

Third-party licensing agreements can be viewed:

   - By referring to the file "Third-party_licensing_agreements.doc"
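
Several of the registry options described in section 2.4 relax a check that ScanMail otherwise performs, so it helps to confirm which of them are set on each Exchange server. The PowerShell audit below is an added example, not part of the original readme or of Trend Micro's tooling. The value names and their meanings are taken from section 2.4; the function name Get-SmexHiddenKeyAudit and the Status labels are hypothetical, and treating an absent value as "not relaxed" is an assumption.

```powershell
# Added example (not Trend Micro code): report the hidden registry values
# from section 2.4 that relax a ScanMail check. Value names and meanings come
# from the readme; Get-SmexHiddenKeyAudit and the Status labels are hypothetical.
$SmexKey = 'HKLM:\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion'

function Get-SmexHiddenKeyAudit {
    param([string]$RegistryPath = $SmexKey)

    $props = Get-ItemProperty -Path $RegistryPath -ErrorAction SilentlyContinue
    if ($null -eq $props) {
        Write-Warning "Registry path not found: $RegistryPath"
        return
    }

    # Each entry: value name, a test that is true when the check is relaxed,
    # and what the readme says that setting does.
    $checks = @(
        @{ Name    = 'VerifyPeerForTrendX'
           Relaxed = { param($v) $null -ne $v -and [int]$v -eq 0 }
           Effect  = 'Verify peer option for TrendX is disabled' },
        @{ Name    = 'SkipResendMessageIdCheck'
           Relaxed = { param($v) $null -ne $v -and [int]$v -eq 1 }
           Effect  = 'Message-ID check skipped when resending quarantined mail' },
        @{ Name    = 'VSAPISkipError'
           Relaxed = { param($v) -not [string]::IsNullOrWhiteSpace([string]$v) }
           Effect  = 'Scan-restriction action skipped for the listed VSAPI/ATSE error codes' }
    )

    foreach ($check in $checks) {
        $value = $props.($check.Name)   # $null when the value does not exist
        $test  = $check.Relaxed

        if ($null -eq $value) {
            $status = 'NotSet'          # assumption: absent means not relaxed
        } elseif (& $test $value) {
            $status = 'Review'          # a check described in the readme is relaxed
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            Name   = $check.Name
            Value  = $value
            Status = $status
            Effect = if ($status -eq 'Review') { $check.Effect } else { '' }
        }
    }
}

# Run locally on the Exchange server; rows with Status 'Review' should map to
# a documented reason, such as the proxy certificate issue behind hfb2006.
Get-SmexHiddenKeyAudit | Format-Table -AutoSize
```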