<<<<<<<<<<<<<>>>>>>>>>>>>>>> Trend Micro, Inc. June 30, 2009 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ InterScan(TM) Messaging Security Suite (IMSS) for Linux, Version 7.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file is current as of the date above. However, all customers are advised to check Trend Micro's Web site for documentation updates at: http://www.trendmicro.com/download/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation or online at: https://olr.trendmicro.com/registration Contents ================================================== 1. About InterScan Messaging Security Suite 2. What's New 3. Document Set 4. System Requirements 4.1 Supported Distributions 5. Installation 6. Post-Installation Configuration 6.1 Changing the Server IP Address 6.2 General Information 7. Uninstallation 8. Known Issues 9. Release History 10. Contact Information 11. About Trend Micro 12. Licensing Agreements 12.1 The OpenSSL Agreement 12.2 The Apache Software Foundation 12.3 The Apache Software Foundation (Tomcat) 12.4 Postfix 12.5 Mozilla 12.6 Postgre SQL ================================================== 1. About InterScan(TM) Messaging Security Suite ========================================================================= InterScan Messaging Security Suite (IMSS) is a policy-based virus protection, anti-spam protection and content security solution for the SMTP gateway to prevent virus outbreaks and anti-spam and protect enterprise security integrity. The solution's customizable routing and relay restriction features are easy to deploy and interoperate with existing messaging environments. 2. What's New ========================================================================= IMSS 7.1 includes the following new and updated features: 2.1 Smart Protection Network Ready ====================================================================== The Trend Micro Smart Protection Network is a next generation cloud-client content security infrastructure designed to protect customers from Web threats. For more information about the Trend Micro Smart Protection Network, visit the Trend Micro Smart Protection Web site at: http://itw.trendmicro.com/smart-protection-network/index.php IMSS 7.1 provides two features from the Smart Protection Network: - Web Reputation Service (WRS): IMSS 7.1 scans URLs in non-spam email messages, using WRS, to verify that the URLs are safe. Users can define policy based actions for WRS rules - IP-Hash: IMSS 7.1 sends the IP address and hash signature of email messages to the WRS backend service. The WRS backend service correlates the information with all IMSS products worldwide, to determine if the message is spam by using its hash value. 2.2 DKIM Enforcement ====================================================================== DKIM (Domain Key Identified Mail) is an industry standard for email message authentication. Using DKIM, IMSS 7.1 can ensure that messages originate from the domain the messages claim to come from. - DKIM Approved List: Users can configure a safe domain list to bypass anti-spam detection scanning. Use the list to avoid false positives on domains known to be safe. - DKIM Enforcement: Users can configure a domain list which, uses DKIM technology. IMSS 7.1 checks all messages for a DKIM signature and performs signature verification. Messages that do not pass signature verification are then filtered and acted up by IMSS. 2.3 Import and Export Configuration Settings ====================================================================== IMSS 7.1 can import or export configuration settings to help users apply settings quickly and consistently across their network. 2.4 Policy Enhancement Features ====================================================================== - Common Policy Objects: Several building blocks that can be shared by policies have been separated from the policies. These "policy objects" can now be configured and used by all policies streamlining the policy creation and editing process. - Scan Exception Enhancement: Users can configure custom policy settings for encrypted messages and password protected attachments. Special actions can be taken on encrypted messages or password protected files sent/received by certain users or groups. - X-header Tags: Users can define customized X-headers that can be used when policies take action on email messages. 2.5 Extended File Support ====================================================================== IMSS 7.1 now supports scanning the following file types: - Office 2007 - PDF 8 2.6 Import and Export Tools for Migration ====================================================================== IMSS 7.1 provides tools specifically designed to help users migrate their configuration settings from IMSS 5.7 or IMSS 7.0 after setup. 2.7 EUQ Enhancement ====================================================================== The Web-based EUQ service allows end users to manage their quarantined messages. IMSS 7.1 now allows users to review and delete or approve messages that are quarantined by administrator-created content filters and those quarantined by Spam Prevention Solution (licensed separately from IMSS). 2.8 Trend Micro Control Manager 5.0 Support ====================================================================== IMSS 7.1 now supports integration with Control Manager 5.0 with patch 3 or later. 2.9 Incremental Pattern Updates ====================================================================== IMSS 7.1 supports incremental updates for the "Spam pattern". Incremental updates can significantly save network bandwidth when downloading the pattern. 2.10 Enhanced Anti-spyware Detection ====================================================================== IMSS 7.1 integrates a new anti-spyware pattern. The new pattern improves the spyware detection rate of IMSS 7.1. 3. Document Set ========================================================================= In addition to this readme.txt, the documentation set for this product includes the following: o Administrator's Guide -- product overview, and configuration instructions, and basic information to get you "up and running." o Installation Guide -- deployment, installation, and integration information designed to help you install and upgrade IMSS. Electronic versions of the printed manuals are available at: http://www.trendmicro.com/download/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Recommendations ======================================================================== Recommended System Requirements ---------------------------------------------------------------------- The recommended system requirements for installing IMSS with Spam Prevention Solution (SPS), which includes Email Reputation Services, IP Profiler, and the Trend Micro Anti-Spam Engine: - Intel(c) Quad Core CPU 1.6GHz or above - 4GB RAM - 2GB swap space if memory greater or equal 4GB, or 4GB swap space if memory less then 4GB - At least 250GB hard disk space Minimum System Requirements ---------------------------------------------------------------------- The minimum requirements for installing IMSS are: - Intel(c) Dual Pentium(c) IV 3GHz - 2GB RAM - 2GB swap space - At least 80GB hard disk space At least 500MB of free disk space is required for installation. However, more disk space might be needed depending on message volume and certain IMSS settings. ---------------------------------------------------------------------- The following is the recommended setup based on 500,000 email messages/day, a 50% quarantine rate, and logs preserved for a month: - 10GB disk space for mail storage - 50GB or more disk space for the Admin database (by default, the Admin database is in the folder "/var/imss") - 20GB or more disk space for the EUQ database (by default, the EUQ database is in the folder "/var/imss") - 40GB or more disk space for the working queue folder (by default, the working queue folder is in the folder "/opt/trend/imss/queue/") Browser: Internet Explorer 6 SP1, 7, 8, or Firefox 3.0 Postgre SQL: Version 7.4 series: 7.4.8 or above Version 8.1 series: 8.1.3 or above LDAP servers: Microsoft Active Directory 2000 or 2003 IBM Lotus Domino 6.0 or above Sun One LDAP 5.2 or above MTA: Postfix: 2.1 or above Sendmail: 8.2 or above Qmail: 1.0.3 or above Linux libraries (for all platforms): - glibc-2.3.4 - libstdc++-libc6.2-2.so.3 (Required for PostgreSQL) 4.1 Supported Distributions ====================================================================== The following Linux distributions are supported in this release: - Red Hat Enterprise Linux AS 4 Update 3 or above - Red Hat Enterprise Linux ES 4 Update 3 or above - Red Hat Enterprise Linux 5 Servers (5.0, 5.1, 5.2, 5.3, 5.4, 5.5) Note: Only 32-bit operating systems for Red Hat are supported. 5. Installation ======================================================================== For installation instructions, see the IMSS 7.1 Installation Guide. For path names, IMSS supports only US-ASCII characters. After installation, by default, the IMSS server is not an Open Relay. If you are installing IMSS and have an existing installation of PostgreSQL, you may be prompted for your database user name and password multiple times. IMSS for Linux does not contain the Postfix installation package, so use the Postfix that comes with the operating system. If you activate SPS, SPS scanning will be enabled by default. Activating SPS also activates IP Filtering. You can enable or disable IP Filtering at a later time from the Web management console. 6. Post-Installation Configuration ======================================================================== After successfully installing IMSS, Trend Micro recommends performing the following post-installation configuration steps: 1. Register and activate IMSS 2. Configure user accounts 3. Download the latest components to enhance security protection 4. Configure policies and policy notifications For detailed information about performing these tasks, see the Administrator's Guide. 7. Uninstallation ========================================================================= To uninstall IMSS 7.1, run the same installation script that you ran to install IMSS. See the Installation Guide for details. 8. Known Issues ========================================================================= The following describes known issues in this release: 8.1 IMSS attempts to convert characters to UTF8 when the subject line of an email message has no character set information, uses special characters (such as the copyright symbol), or uses double-byte characters. If the conversion to UTF8 is not successful: - The logs contain garbled characters. - IMSS quarantines the email message and the subject field displays the message "Unsupported charset non-UTF-8" if you attempt to view the message through the Web console. 8.2 To view the IMSS 7.1 Web console with Internet Explorer, on a computer running Windows 2003, do the following: 1. From the Internet Explorer menu, select: Tools > Internet Options > Security > Trusted Sites > Sites. 2. Add the IP address of the computer on which IMSS is installed. 8.3 To prevent IMSS from scanning messages, you can create a new rule to hand off the messages you do not want scanned. However, IMSS may still trap these messages if they trigger email scanning exceptions. This is because the mail scanning exception has a higher priority than spam filters and content filters. 8.4 IMSS cannot install on SeLinux (Security-Enhanced Linux) on RedHat. 8.5 IMSS cannot install on RedHat if virtualization technology is enabled. 8.6 When installing the database for IMSS, do not use double-byte characters when specifying the database password. IMSS cannot connect to the database if double-byte characters are used in the password. 9. Release History ========================================================================= Nov 2005: InterScan Messaging Security Suite for Linux v5.7 Feb 2007: InterScan Messaging Security for Linux Suite v7.0 Oct 2007: InterScan Messaging Security Suite for Linux v7.0 SP1 10. Contact Information ========================================================================= A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of some Trend Micro products can be downloaded from our Web site. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 10. About Trend Micro ======================================================================== Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop. Website: www.trendmicro.com Copyright 2009, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, InterScan, and Trend Micro Control Manager, and eManager are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreements ========================================================================= 12.1 OpenSSL: ===================================================================== Copyright (C) 1998-2001 The OpenSSL Project. All rights reserved. 12.2 Apache: ====================================================================== Copyright (C) 1997-2001 The Apache Software Foundation. All rights reserved. 12.3 Tomcat: ====================================================================== Copyright (C) 2000 The Apache Software Foundation. All rights reserved. 12.4 Postfix: ====================================================================== Copyright (C) 1997, 1998, 1999, International Business Machines Corporation and others. All rights reserved. 12.5 Mozilla: ====================================================================== The contents of this file are subject to the Netscape Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/NPL/. For a complete copy of the license for each of these products, see the online help. 12.6 Postgre SQL: ======================================================================= PostgreSQL is distributed under the classic BSD license. Basically, it allows users to do anything they want with the code, including reselling binaries without the source code. The only restriction is that you not hold us legally liable for problems with the software. There is also the requirement that this copyright appear in all copies of the software. Here is the actual BSD license we use: PostgreSQL Data Base Management System Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group Portions Copyright (c) 1994-1996 Regents of the University of California Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies. IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS