<<<<USE COURIER REGULAR 10 FONT IF YOU WOULD LIKE TO PRINT THIS DOCUMENT>>>>


  Trend Micro, Inc.                                        July 31, 2015
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Trend Micro(TM) InterScan(TM) Web Security Virtual Appliance 6.5 
                   Service Pack 1 Hot Fix - Build 1321
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   NOTICE: This hot fix was developed as a workaround or solution to a
   customer-reported problem. As such, this hot fix has received
   limited testing and has not been certified as an official product
   update. Consequently, THIS HOT FIX IS PROVIDED "AS IS." TREND MICRO
   MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF
   THIS HOT FIX NOR DOES IT WARRANT THAT THIS HOT FIX IS ERROR FREE. TO
   THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO DISCLAIMS ALL
   IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE
   IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS
   FOR A PARTICULAR PURPOSE.

     Contents
     ===================================================================
     1.  Hot Fix Release Information
         1.1 Issues
         1.2 Enhancements
         1.3 Files Included in this Release
     2.  Documentation Set
     3.  System Requirements
     4.  Installation/Uninstallation
         4.1 Installation
         4.2 Uninstallation
     5.  Post-installation Configuration
     6.  Known Issues
     7.  Release History
         7.1 Prior Hot Fixes
     8.  Contact Information
     9.  About Trend Micro
     10. License Agreement
     ===================================================================


  1. Hot Fix Release Information
  ======================================================================

     1.1 Issues
     ===================================================================
     This hot fix resolves the following issues:
     
     Issue 1:    [Hot Fix 1321] (TT-322659)  
                 InterScan Web Security Virtual Appliance (IWSVA) 6.5 
                 Service Pack 1 does not support SHA-256 CA when it acts 
                 as a private Certificate Authority (CA).             
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: This hot fix enables IWSVA 6.5 Service Pack 1 to 
                 support SHA-256 CA.
     -------------------------------------------------------------------
     Issue 2:    IWSVA 6.5 Service Pack 1 does NOT support TLS 1.1 and 
                 TLS 1.2.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: This hot fix upgrades the OpenSSL module in IWSVA 6.5 
                 Service Pack 1 to support TLS 1.1 and TLS 1.2.
     -------------------------------------------------------------------
     Issue 3:    IWSVA 6.5 Service Pack 1 cannot sync the HTTPS 
                 exception list among multiple IWSVAs.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3: This hot fix enables IWSVA 6.5 Service Pack 1 to sync 
                 the HTTPS exception list using CCR to ensure that it 
                 can sync the list among multiple IWSVAs.
     -------------------------------------------------------------------
     Issue 4 :   IWSVA 6.5 Service Pack 1 does not allow users to  
                 customize notification messages for 5XX errors.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 4: This hot fix allows users to customize notification 
                 messages for 5xx errors.
     -------------------------------------------------------------------
     Issue 5:    IWSVA 6.5 Service Pack 1 FTP syslog does not support 
                 some tokens used in the HTTP syslog.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 5: This hot fix enables the FTP syslog to support more 
                 tokens. 
     -------------------------------------------------------------------
     Issue 6:    The IWSVA 6.5 Service Pack 1 raw log does not include
                 the "X_forworded_for" and "Original_IP" headers. 
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 6: This hot fix enables IWSVA 6.5 Service Pack 1 to 
                 display the "X_forworded_for" and "Original_IP" headers
                 in the raw log.
     -------------------------------------------------------------------      
     Issue 7:    [Hot Fix 1321] (TT-325986)
                 The Online Help (OLH) incorrectly indicates that the 
                 HTTPS port ACL is not available in ICAP mode.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 7: This hot fix corrects the information on the OLH.

     1.2 Enhancements
     ===================================================================
     There are no enhancements for this hot fix release.
 
     1.3 Files Included in this Release
     ===================================================================
     A. Files for Current Issue
     -------------------------------------------------------------------
        Filename                                          Build No.
     -------------------------------------------------------------------
        libdaemon.so                                       1321
        svcmonitor                                         1321
        isdelvd                                            1321

        Files for Issue 1
     -------------------------------------------------------------------
        Filename                                          Build No.
     -------------------------------------------------------------------
        libHTTPSDecryption.so                               1321

        Files for Issue 2
      ------------------------------------------------------------------
        Filename                                          Build No.
     -------------------------------------------------------------------
        libdaemon.so                                        1321
        libHTTPSDecription.so                               1321
        libcavium.so                                        1321
        uniqueName                                          1321

        Files for Issue 3
      -------------------------------------------------------------------
        Filename                                          Build No.
     -------------------------------------------------------------------
        https_exception_sync_tool.sh                       1321
        https_sync_tool.py                                 1321
        iwsva_scp_except                                   1321

      Files for Issue 4
      ------------------------------------------------------------------
        Filename                                          Build No.
     -------------------------------------------------------------------
        libhttpproxy.so                                    1321
        500_internal_server_error_response.html            1321
        502_bad_gateway_response.html                      1321
        503_connect_fail_response.html                     1321
        503_dns_fail_response.html                         1321
        504_dns_timeout_response.html                      1321
        504_server_timeout_response.html                   1321   
                                                              
      Files for Issue 5                                       
      ------------------------------------------------------------------
        Filename                                          Bu ild No.
     -------------------------------------------------------------------
        daemon.so                                          1321
        libftp.sp                                          1321
        libhttpproxy.so                                    1321
        libicap.so                                         1321
        libsystemeventlog.so                               1321
        sysevtlog.dat                                      1321

      Files for Issue 6
      ------------------------------------------------------------------
        Filename                                          Build No.
     -------------------------------------------------------------------
        libdaemon.so                                       1321
        libftp.so                                          1321
        libhttpproxy.so                                    1321
        libicap.so                                         1321
        IWSSPISigScan.so                                   1321
        IWSSPINcie.so                                      1321
        IWSSPIJavascan.so                                  1321
        libiwsshelper.so                                   1321
        IWSSPIUrlFilter.so                                 1321
        IWSSPIDlpFilter.so                                 1321
        IWSSPIDpi.so                                       1321
        IWSSPIScanVsapi.so                                 1321
        libsystemeventlog.so                               1321
        appd                                               1321
        libuiauutil.so                                     1321
        dtasagent                                          1321
        libproductbase.so                                  1321
        iwss_log_converter.py                              1321
        common_id.py                                       1321
        log_query.py                                       1321

      
        Files for Issue 7
     -------------------------------------------------------------------
        Filename                                          Build No.
     -------------------------------------------------------------------
        http_httpsport.htm                                 1321

     B. Files for Previous Solutions
     -------------------------------------------------------------------
        Filename                                          Build No.
     -------------------------------------------------------------------
        IWSSPIUrlFilter.so                                 1303
        libhttpproxy.so                                    1303
        libHTTPSDecryption.so                              1303
        appd                                               1305
        libdaemonbase.so                                   1305
        dtasagent                                          1305
        client.py                                          1305
        config_network_interface.jsp                       1305
        IWSSPIDlpFilter.so                                 1305
        IWSSPIDpi.so                                       1305
        IWSSPIJavascan.so                                  1305
        IWSSPINcie.so                                      1305
        IWSSPIScanVsapi.so                                 1305
        IWSSPISigScan.so                                   1305
        libftp.so                                          1305
        libicap.so                                         1305
        svcmonitor_dump.sh                                 1305
        libtmsa.so                                         1305
        libtmwk.so                                         1305
        libuiauutil.so                                     1305
        webConsole.jsp                                     1305
        libcavium.so                                       1305
        LdapSyncTool                                       1305
        libcommonldap.so                                   1305
        rule_file_va6.0_to_va6.0.xml                       1305
        rule_file_va6.0sp1_to_va6.0sp1.xml                 1305
        rule_file_va6.5_to_va6.5.xml                       1305
        rule_file_va6.5sp1_to_va6.5sp1.xml                 1305
        libtmuseng.so.1.0.1012                             1305
        iwss_log_converter.py                              1305
        logging.properties                                 1309
        i18n_warnmsg.js                                    1309
        pac_files_edit.jsp                                 1309
        pac_files.jsp                                      1309
        iwsvafw.sh                                         1309
        IWSSGui.jar                                        1309
        libICRCHdler.so                                    1313
        libICRCHdler.so.1                                  1313
        libtmsa.so                                         1313
        libtmwk.so                                         1313
        libdaemon.so                                       1313
        libproductbase.so                                  1313
        IWSSPIDlpFilter                                    1313
        IWSSPIDpi.so                                       1313
        IWSSPIJavascan.so                                  1313
        IWSSPIScanVsapi.so                                 1313
        IWSSPISigScan.so                                   1313
        IWSSPIUrlFilter.so                                 1313
        libhttpproxy.so                                    1313
        libicap.so                                         1313
        libuiauutil.so                                     1313
        libReportLogging.so                                1313
        libProductLibrary.so                               1313
        libiwsshelper.so                                   1313
        intscan.ini                                        1313
        S98upgrade                                         1313
        IWSSGui.jar                                        1313


  2. Documentation Set
  ======================================================================
     In addition to this readme.txt, the documentation set for this
     product includes the following:

     o Readme.txt - basic installation, known issues, release history
       and contact information

     o Electronic versions of the printed manuals are available at:
 
       http://www.trendmicro.com/download


  3. System Requirements
  ======================================================================
     There are no additional requirements for installing this hot fix.


  4. Installation/Uninstallation
  ======================================================================

     4.1 Installation
     ===================================================================
     To install this hot fix:

     1. Download the "iwsva_65_sp1_ar64_en_hfb1321.tgz" hot fix file to 
        your local hard disk.

     2. Log on to the IWSVA admin console GUI.

     3. Go to the "Administration > System Updates" page.

     4. Click "Browse".

     5. Browse your local hard disk for the 
        "iwsva_65_sp1_ar64_en_hfb1321.tgz" hot fix file and click 
        "Open".

     6. Click "Upload". Your browser uploads the hot fix file to IWSVA 
        which validates if the file is a legitimate hot fix.

     7. Click "Install" to apply the hot fix and update IWSVA to
        build 1321. The HTTP and FTP services in IWSVA restart
        automatically.
 
        NOTE: Applying this hot fix interrupts the HTTP and FTP services
              for several minutes. Plan appropriately for this downtime.

     8. Clear the browser cache.

     4.2 Uninstallation
     ===================================================================
     To uninstall the hot fix:

     1. Log on to the IWSVA admin console GUI.

     2. Go to the "Administration > System Updates" page.

     3. Click "Uninstall" next to "hfb1321" and verify the hot fix ID
        and description in the confirmation page that appears.

     4. Click "Uninstall" to remove hot fix 1321 and rollback IWSVA to 
        the previous build. The HTTP and FTP services in IWSVA restart
        automatically.

        NOTE: Removing this hot fix interrupts the HTTP and FTP services
              for several minutes. Plan appropriately for this downtime.


  5. Post-installation Configuration
  ======================================================================
     No post-installation steps are required.

     Note: Trend Micro recommends that you update your scan engine and
           virus pattern files immediately after installing this 
           hot fix.


  6. Known Issues
  ======================================================================
     There are no known issues for this hot fix.


  7. Release History
  ======================================================================
     See the following web site for more information about updates
     to this product:

     http://www.trendmicro.com/download/product.asp?productid=86

     7.1 Prior Hot Fixes
     ===================================================================
     Note: Only the new solutions were tested for this release. Prior hot
           fixes were tested at the time of their release.

     Hot Fix 1303
 
     Issue 1:    [Hot Fix 1303] (TT-321197)
                 A parsing error prevents users from accessing a certain 
                 web site from computers protected by IWSVA 6.5 
                 Service Pack 1 in ICAP mode.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: This hot fix resolves the issue so that users can 
                 access the web site normally in affected computers.
    
     Issue 2:    [Hot Fix 1303] (TT-321129)
                 Builds of IWSVA 6.5 Service Pack 1 that are lower than 
                 the common build number of IWSVA 6.5 cannot register 
                 to Trend Micro Control Manager(TM) 6.0. This occurs 
                 because builds of IWSVA 6.5 Service Pack 1 are treated 
                 as builds of IWSVA 6.5 so IWSVA 6.5 Service Pack 1 
                 build numbers that are lower than the common build 
                 number of IWSVA 6.5 are considered as out-dated.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: This hot fix ensures that any build of IWSVA 6.5 
                 Service Pack 1 can successfully register to 
                 Control Manager 6.0.
    
     Issue 3:    [Hot Fix 1303] (TT-318535)
                 When the user identification feature of IWSVA 6.5 
                 Service Pack 1 is enabled, certain client applications 
                 cannot perform authentication and will not be able to 
                 run.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3: This hot fix resolves the issue by enabling IWSVA 6.5
                 Service Pack 1 to skip authentication while processing
                 HTTP requests when the user identification feature is 
                 enabled but the HTTP request does not have a 
                 "user-agent" header.
    
     Issue 4:    [Hot Fix 1303] (TT-316742)
                 The Server Name Identification feature does not work 
                 when IWSVA 6.5 Service Pack 1 is deployed with an  
                 upstream proxy server.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 4: This hot fix ensures that the Server Name
                 Identification feature works normally when IWSVA 6.5 
                 Service Pack 1 is deployed with an upstream proxy 
                 server. 
     
     Critical Patch 1305
 
     Issue 1:     (TT-000231)
                  When the appd process closes, it may use resources 
                  that have already been released which may trigger a 
                  core dump issue.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1:  This critical patch prevents the appd process from 
                  using released resources while exiting to prevent the
                  core dump issue.
           
     Issue 2:     The iwssd process may trigger a core dump issue while
                  accessing URLs that belong to one or more custom 
                  categories and use a multi-part format for downloads
                  and uploads. This occurs because under this scenario,
                  iwssd may release a memory block twice.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2:  This critical patch prevents iwssd from releasing a 
                  memory block twice.

     Issue 3:     When the log agent processes UserName information and 
                  a UserName uses double-byte characters, the log agent 
                  does not use Unicode to decode the UserName. This can 
                  trigger an error when the log agent attempts to check 
                  the UserName RBAC information. 
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3:  This critical patch enables the log agent to use 
                  Unicode to decode UserName information that contain 
                  DBCS characters.   

     Issue 4:     The iwssd process does not have a time out mechanism
                  when it waits for scan results from the Script Analysis.
                  This may trigger a core dump issue when there
                  is a large number of files in the Script Analysis queue.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 4:  This critical patch prevents the core dump issue under 
                  the scenario described above.
    
     Issue 5:     By default, the InterScan Web Security Virtual 
                  Appliance (IWSVA) 6.5 Service Pack 1 web console uses
                  HTTPS and a built-in certificate which users cannot 
                  replace.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 5:  This critical patch allows users to import their own 
                  certificates into IWSVA.

     Issue 6:     IWSVA 6.5 Service Pack 1 uses OpenSSL 1.0.0j which is
                  affected by several vulnerabilities. 
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 6:  This critical patch updates the OpenSSL lib in IWSVA 
                  to the latest version.

     Issue 7:     (TT-318441)
                  By default, IWSVA 6.5 supports the "UserPrincipalName" 
                  value for  authentication, however, the authentication
                  may fail when users have configured multiple Active 
                  Directory (AD) servers.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 7:  This critical patch provides a way for users to 
                  prevent IWSVA 6.5 from converting the 
                  "UserPrincipalName" values to ensure that IWSVA 6.5 
                  can perform authentication normally when multiple AD 
                  servers are configured.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Procedure 7: To disable "UserPrincipalName" conversion:
   
                  a. Open the "LdapSetting.ini" file in the
                     "/usr/iwss/commonldap/" folder." 

                  b. Add the "convert_prin=no" key in the "LDAP_Setting" 
                     section.

                     [LDAP_Setting]
                     convert_prin=no

                     Note: To allow IWSVA 6.5 to convert 
                           "UserPrincipalName" values again, set
                           "convert_print=yes".

                  c. Save the changes and close the file.

                  d. Run the following command: 

                     run cmd /etc/iscan/commonldap/LdapSyncTool.sh


     Issue 8:     (TT-321097)
                  By default, the scheduled configuration replication 
                  feature of IWSVA 6.5 Service Pack 1 replicates 
                  policies and configuration files, however, some 
                  users prefer to replicate policies only.               
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 8:  This critical patch provides a way for users to
                  configure the scheduled configuration replication 
                  feature to replicate policies only.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Procedure 8: To configure the scheduled configuration replication 
                  feature to replicate policies only:
   
                  a. Open the "intscan.ini" file in the "/etc/iscan" 
                     folder on the CCR source machine.

                  b. Add the "schedule_ccr_type=4" key in the "CCR" 
                     section.

                     [CCR]
                     schedule_ccr_type=4

                  c. Save the changes and close the file.

                  d. Run the following command: 
 
                     /etc/iscan/S99IScanHttpd restart
     
     Issue 9:     (TT-318351)
                  Sometimes, Kerberos authentication fails and prevents 
                  IWSVA 6.5 Service Pack 1 from syncing with LDAP 
                  servers. This occurs when multiple AD servers have 
                  been specified in the "User Identification" page of 
                  the IWSVA 6.5 Service Pack 1 console.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 9:  This critical patch ensures that IWSVA 6.5 
                  Service Pack 1 can successfully run Kerberos 
                  authentication and sync with LDAP servers when
                  multiple AD servers are specified in the "User 
                  Identification" page. 
     
     Issue 10:    (TT-318663)
                  After migrating the configuration in IWSVA 6.5
                  Service Pack 1, encounter a duplicate key error while 
                  attempting to add or edit the exception list of an 
                  existing policy.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 10: This critical patch updates the sequence of processes 
                  during migration to prevent the duplicate key error 
                  and to ensure that administrators can add or edit 
                  exception lists of existing policies successfully.  
                 
     Issue 11:    (TT-314804)
                  IWSVA 6.5 Service Pack 1 cannot block the Tor program 
                  even after users set it to block the application 
                  through the IWSVA web console.                 
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 11: This critical patch makes changes to the default 
                  settings of IWSVA 6.5 to enable the appd daemon to 
                  block programs properly.
                  
     Issue 12:    (TT-319892)
                  When IWSVA 6.5 is configured to use an upstream proxy 
                  and its HTTPS decryption feature is enabled, users may 
                  not be able to access random HTTPS web sites.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 12: This critical patch ensures that users can access 
                  HTTPS web sites without issues when IWSVA is 
                  configured to use an upstream proxy and its HTTPS 
                  decryption feature is enabled.

     Issue 13:    (TT-318221)
                  The TMUSE engine stops unexpectedly when the Dynamic 
                  URL Categorization feature is enabled.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 13: This critical patch resolves the issue by updating 
                  the TMUSE engine.

     Hot Fix 1309
     
     Issue 1:    End users cannot download the PAC file from the 
                 IWSVA 6.5 web console because the web browser does not 
                 trust the certificate of the IWSVA 6.5 web console. 
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: This hot fix enables users to download the PAC file 
                 from the IWSVA 6.5 through HTTP. 

     Issue 2:    [Hot Fix 1309] (TT-322715) 
                 The "catalina.out" Tomcat log file in the IWSVA 6.5 web
                 server may grow to a very large size. 
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: This hot fix enables IWSVA 6.5 to clean this Tomcat 
                 log file regularly to ensure that it stays within the
                 normal size range.

     Critical Patch 1313

     Issue 1:    (TT-318221)
                 Some common modules in IWSVA 6.5 may stop unexpectedly 
                 and generate dump files.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 1: This critical patch updates the iCRC and SA 
                 common modules in IWSVA 6.5 to prevent these from
                 stopping unexpectedly and generating dumb files.
     
     Issue 2:    IWSVA 6.5 removes the XFF HTTP headers from customized 
                 text-based logs.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 2: This critical patch ensures that IWSVA 6.5 does not 
                 delete XFF HTTP headers from customized text-based 
                 log files.
     
     Issue 3:    The "client_skip_content"  key setting may 
                 trigger certain vulnerabilities in IWSVA 6.5.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 3: This critical patch enables IWSVA 6.5 to clean the
                 "client_skip_content"  key setting to prevent
                 the vulnerabilities.
     
     Issue 4:    (TT-324504)
                 Administrators encounter a S98upgrade script error when
                 IWSVA starts up after being upgraded from version 6.5 
                 to version 6.5 Service Pack 1.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 4: This critical patch corrects the corresponding script 
                 to ensure that it runs smoothly.
     
     Issue 5:    (TT-323958)
                 The last modified time information for a policy changes 
                 to the current time once users access the policy even 
                 when users did not make changes to the policy.
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   
     Solution 5: This critical patch ensures that the last modified 
                 time information for policies change only when users
                 make changes to the policy.
     
     Issue 6:    (TT-321787) 
                 The migration script stops responding when it 
                 encounters a time skew issue between the configuration
                 replication (CCR) source and receiver. 
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution 6: This critical patch resolves the issue.

     Hot Fix 1317
     
     Issue:    When IWSVA 6.5 works in ICAP deployment mode, it may not 
               be able to respond to some ICAP requests and when this 
               happens, clients receive service unavailable errors.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: This hot fix enables IWSVA 6.5 to respond to ICAP 
               requests normally.


  8. Contact Information
  ======================================================================
     A license to the Trend Micro software usually includes the right to
     product updates, pattern file updates, and basic technical support
     for one (1) year from the date of purchase only. After the first
     year, Maintenance must be renewed on an annual basis at 
     Trend Micro's then-current Maintenance fees.

     You can contact Trend Micro by fax, phone, and email, or visit us
     at:

     http://www.trendmicro.com

     Evaluation copies of Trend Micro products can be downloaded from 
     our web site.

     Global Mailing Address/Telephone numbers
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     For global contact information in the Asia/Pacific region, 
     Australia and New Zealand, Europe, Latin America, and Canada, 
     refer to:

     http://www.trendmicro.com/en/about/overview.htm

     The Trend Micro "About Us" screen displays. Click the appropriate
     link in the "Contact Us" section of the screen.

     Note: This information is subject to change without notice.


  9. About Trend Micro
  ======================================================================
     As a global leader in cloud security, Trend Micro develops Internet
     content security and threat management solutions that make the 
     world safe for businesses and consumers to exchange digital 
     information. With over 20 years of experience, Trend Micro provides 
     top-ranked client, server, and cloud-based solutions that stop 
     threats faster and protect data in physical, virtualized, and cloud 
     environments.   
   
     As new threats and vulnerabilities emerge, Trend Micro remains 
     committed to helping customers secure data, ensure compliance, 
     reduce costs, and safeguard business integrity. 
     For more information, visit:

     http://www.trendmicro.com
  
     Trend Micro, the t-ball logo, InterScan, and Control Manager are 
     trademarks or registered trademarks of Trend Micro Incorporated. 
     All other product or company names may be trademarks or registered 
     trademarks of their owners.
 
     Copyright 2015, Trend Micro Incorporated. All rights reserved.


  10. License Agreement
  ======================================================================
     Information about your license agreement with Trend Micro can be
     viewed at:

     http://us.trendmicro.com/us/about/company/user_license_agreements/

     Third-party licensing agreements can be viewed:

     - By selecting the "About" option in the application user
       interface

     - By referring to the "Legal" page of the Getting Started Guide or
       Administrator's Guide     
