Trend Micro, Inc.                                        June 8, 2016
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan(TM) Messaging Security Virtual Appliance 9.1
Build 1600
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Note: This readme file was current as of the date above. However, all
customers are advised to check the Trend Micro website for
documentation updates at:

http://docs.trendmicro.com/

Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro website. Register during installation or online at:

http://olr.trendmicro.com/

Contents
=========================================================
1. About InterScan Messaging Security Virtual Appliance
2. What's New
3. Documentation Set
4. System Requirements
5. Installation
6. Post-Installation Configuration
7. Known Issues
8. Release History
9. Contact Information
10. About Trend Micro
11. License Agreements
=========================================================

1. About InterScan Messaging Security Virtual Appliance
========================================================================
InterScan Messaging Security Virtual Appliance (IMSVA) integrates
multi-tiered spam prevention and anti-phishing with award-winning
antivirus and antispyware. Content filtering enforces compliance and
prevents data leakage. This easy-to-deploy appliance is delivered on a
highly scalable platform with centralized management, providing easy
administration. Optimized for high performance and continuous security,
the appliance provides comprehensive gateway email security.

2. What's New
========================================================================
IMSVA 9.1 includes the following new features and enhancements:

2.1 Syslog Integration
=====================================================================
To provide enterprise-class logging capabilities, IMSVA supports
sending logs through the syslog protocol to multiple external syslog
servers in a structured format. On the IMSVA management console, you
can add, delete, import and export syslog servers.

2.2 Multiple Virtual Analyzer Servers
=====================================================================
To achieve better load balance and failover capabilities, IMSVA allows
you to add multiple servers for Virtual Analyzer. You can also enable,
disable and delete Virtual Analyzer servers on the IMSVA management
console.

2.3 SMTP Traffic Throttling
=====================================================================
SMTP Traffic Throttling blocks connections or messages from a single
IP address or sender for a certain time when the number of messages
reaches the specified maximum.

2.4 Audit Log Support
=====================================================================
As an enhanced log category of system events, "Audit log" replaces
"Admin activity" on the IMSVA management console. Audit logs record
various administrator operations and provide a way to query activities
of specified administrator accounts.

2.5 Enhanced Queue Management
=====================================================================
IMSVA uses mail transfer agent (MTA) queues to store messages that
just arrived, messages ready to be delivered to the next MTA, messages
deferred due to delivery failure, and messages kept on hold for later
manual delivery. Specific actions can be taken on the messages in MTA
queues.

2.6 Enhanced Smart Protection
=====================================================================
IMSVA supports both Trend Micro Smart Protection Network and Smart
Protection Server as smart protection sources. Smart Protection
Servers are supported to localize smart protection services to the
corporate network to reduce outbound traffic and optimize efficiency.

2.7 External Database Support
=====================================================================
IMSVA allows you to use not only the internal but also external
PostgreSQL database as the admin database or the End-User Quarantine
(EUQ) database.

2.8 Time-of-Click Protection
=====================================================================
IMSVA provides time-of-click protection against malicious URLs in
email messages. If you enable Time-of-Click Protection, IMSVA rewrites
URLs in email messages for further analysis. Trend Micro analyzes
those URLs at the time of click and will block them if they are
malicious.

2.9 Connected Threat Defense
=====================================================================
Configure IMSVA to subscribe to the suspicious object lists on the
Trend Micro Control Manager server. Using the Control Manager console,
you can specify customized actions for objects detected by the
suspicious object lists to provide custom defense against threats
identified by endpoints protected by Trend Micro products specific to
your environment.

Control Manager facilitates the investigation of targeted attacks and
advanced threats using suspicious objects. Files and URLs that have
the potential to expose systems to danger or loss will be detected.

2.10 DomainKeys Identified Mail (DKIM) Signature
=====================================================================
IMSVA supports adding DKIM signatures to outgoing email messages. On
the IMSVA management console, you can add or delete DKIM signatures
and import or export DKIM signature files.

2.11 Report Delivery Through Email
=====================================================================
IMSVA allows you to send newly generated reports and archived reports
through email. Detailed views of reports will be included.

2.12 Keyword and Expression Enhancement
=====================================================================
To improve visibility of triggered keywords and expressions, the
entity name (where the keyword expression appears in a message) and
the matched expressions now appear in the policy event log query
details page. Administrators can also add a description to new keyword
expressions for better tracking.

2.13 Attachment Names Supported by Message Tracking Logs
=====================================================================
Message tracking logs include attachment names as a new attribute.
Multiple attachment names can be specified to query message tracking
logs.

2.14 Logon Notice Support
=====================================================================
Customizable logon notices are available both on the administrator
logon page and EUQ logon page.

2.15 Quarantine Event Summary
=====================================================================
IMSVA provides quarantine event logs and reports for you to learn
information about quarantine events, for example, the percentage of
release events in all the quarantine events.

2.16 LDAPS Support
=====================================================================
IMSVA supports LDAP over SSL (LDAPS) that provides you a secure and
encrypted channel to communicate with LDAP servers.

2.17 Ransomware Detection
=====================================================================
IMSVA gives you more visibility on ransomware detected by IMSVA. You
can either query ransomware detections in logs or add a widget for
ransomware detections on the dashboard.

2.18 Virtual Analyzer Integration Improvement
=====================================================================
IMSVA allows you to define rules to send email messages with specified
attachment names or extensions to Virtual Analyzer for analysis.

3. Documentation Set
========================================================================
The documentation set for this product includes the following:

o Administrator's Guide -- Product overview, configuration
  instructions, and basic information to get you "up and running"

o Installation Guide -- Deployment, installation, and integration
  information designed to help you install and upgrade IMSVA

  Electronic versions of the printed manuals are available at:
  http://docs.trendmicro.com/

o Online help -- Context-sensitive help screens that provide guidance
  for performing a task

o Knowledge Base -- A searchable database of known product issues,
  including specific problem-solving and troubleshooting topics
  http://esupport.trendmicro.com

4. System Requirements
========================================================================

4.1 Operating System
=====================================================================
A standard CentOS(TM) Linux(TM) operating system is contained within
IMSVA.

4.2 Hardware Requirements for Bare Metal Server
=====================================================================
Recommended System Requirements
- 8-core Intel(TM) Xeon(TM) processor or equivalent
- 8 GB RAM
- 250 GB hard disk space or more. IMSVA automatically partitions the
  detected disk space based on recommended Linux practices.
- Monitor that supports 800 x 600 resolution with 256 colors or higher

Minimum System Requirements
- Dual-core Intel Xeon processor or equivalent
- 4 GB RAM
- At least 120 GB hard disk space. IMSVA automatically partitions the
  detected disk space based on recommended Linux practices.
- Monitor that supports 800 x 600 resolution with 256 colors or higher

To obtain a list of Trend Micro certified servers that are guaranteed
to be compatible with IMSVA, access the following URL:
http://www.trendmicro.com/go/certified

To obtain a list of available platforms that should operate with
IMSVA, access the following URL:
http://wiki.centos.org/HardwareList

4.3 System Requirements for VMware
=====================================================================
Recommended Virtual Machine Requirements and System Settings
- 8-core Intel Xeon processor or equivalent
- 8 GB RAM
- 250 GB of disk space or more. IMSVA automatically partitions the
  detected disk space based on recommended Linux practices.

Minimum Virtual Machine Requirements and System Settings
- Dual-core Intel Xeon processor or equivalent
- 4 GB RAM
- 120 GB disk space. IMSVA automatically partitions the detected disk
  space based on recommended Linux practices.

Platform support
- VMware ESXi 5.0 Update 3
- VMware ESXi 5.5 Update 2
- VMware ESXi 6.0
- Microsoft(TM) Windows(TM) Server 2008 R2 Service Pack 1 with
  Hyper-V(TM)
- Windows Server 2012 with Hyper-V
- Windows Server 2012 R2 with Hyper-V
- Microsoft Hyper-V Server 2008 R2 Service Pack 1
- Microsoft Hyper-V Server 2012 R2

4.4 Application Requirements
=====================================================================
To connect to the IMSVA Command Line Interface (CLI) console, use an
SSH communications application.

Browser
- Microsoft Internet Explorer(TM) 9, 10, or 11, Edge 31 or later
- Firefox 45

To access the IMSVA management console, use the following URL:
https://[IMSVA IP Address]:8445

LDAP Server
- Microsoft Active Directory 2008 R2, 2012, or 2012 R2
- IBM Lotus Domino 8.0, 8.5, or 9.0
- Sun One LDAP 5.2 or above
- OpenLDAP 2.4.23

Trend Micro Control Manager(TM)
- Version 5.5 Service Pack 1 Patch 4
- Version 6.0 Service Pack 3 Patch 1 Hotfix 3262

5. Installation
========================================================================
IMSVA 9.1 supports upgrading only from IMSVA 9.0 and migrates existing
configuration and policy data during the upgrade.

The configuration and policy information for the following product
versions can be migrated to IMSVA 9.1:
- IMSVA 9.0 Patch 1
- IMSVA 8.5 Service Pack 1 Patch 1
- IMSVA 8.2 Service Pack 2 Patch 1
- IMSVA 8.0 Patch 2
- InterScan Messaging Security Suite (IMSS) 7.5 Windows
- IMSS 7.1 Windows Patch 3
- IMSS 7.1 Linux Service Pack 2
- IMSS 7.0 Solaris Service Pack 1 Patch 4

Inline upgrade from IMSVA 9.0 Patch 1 to IMSVA 9.1 is supported in
this release.

For installation instructions, see the IMSVA 9.1 Installation Guide.

By default, the IMSVA server is not an open relay after installation.

If you activate SPS, SPS scanning is enabled by default. Activating
SPS also activates IP Filtering. You can enable or disable IP
Filtering later from the IMSVA management console.

Note: The IMSVA 9.1 official release does not support upgrade from the
IMSVA 9.1 Beta release, but supports migration of Beta release
configurations.

6. Post-Installation Configuration
========================================================================
After successful installation of IMSVA, Trend Micro recommends
performing the following post-installation configuration tasks:

1. Register and activate IMSVA.
2. Configure user accounts.
3. Download the latest components to enhance security protection.
4. Configure policies and policy notifications.

For details on these tasks, see the IMSVA 9.1 Administrator's Guide.

Note: Connection to Cloud Pre-Filter requires port 9000 to be open. If
the ActiveUpdate proxy is specified on the IMSVA management console,
the proxy server requires port 9000 to be open.

7. Known Issues
========================================================================
The following list outlines the known issues in this release:

1. If Cloud Pre-Filter deletes an email message with no subject, and a
   user queries that email message on the management console, the logs
   display "??" in the subject line.

2. Users cannot use the Down-Level Logon Name format (for example,
   "DOMAIN\UserName") to create LDAP admin accounts. IMSVA accepts
   only accounts that contain a User Principal Name (UPN).

3. The following issues occur if IMSVA cannot convert the subject line
   text to UTF-8:
   - The logs display garbled text.
   - IMSVA quarantines the email message and the Subject field
     displays the message "Unsupported charset non-UTF-8" if a user
     attempts to view the email message through the management
     console.

   Note: IMSVA attempts to convert characters to UTF-8 whenever the
   Subject line:
   - Does not contain character set information
   - Contains special characters (such as the copyright symbol)
   - Contains double-byte characters

4. To view the management console using Internet Explorer, users must
   first perform the following:
   a. Go to "Tools > Internet Options > Security > Trusted Sites >
      Sites".
   b. Add the IP address of the computer on which IMSVA is installed.
   c. Click "Close".

5. IMSVA may still scan and quarantine email messages even after a
   user deploys a policy with the "handoff" action. Email messages may
   still be quarantined if they trigger scanning exceptions because
   IMSVA prioritizes exceptions over spam and content filters.

6. If time settings (including time zones) are not synchronized across
   IMSVA servers, certain functions (such as log purge and End User
   Quarantine sign-in with Kerberos) may not work as expected.

7. The monitor action "BCC" does not function for the following
   security settings violations (under "Scanning Exceptions"):
   - Total message size exceeds
   - Total # recipients exceeds

8. IMSVA encounters issues when decrypting email messages that were
   not encrypted using UTF-8. The subject line in the decrypted email
   messages may contain either garbled text or a series of question
   marks.

9. IMSVA cannot perform content filtering on a PDF file if:
   - Access permission of the file is set to "read only"; and
   - The file is encrypted using RC4, and the key length is greater
     than 40 bits.

   Note: IMSVA can still perform an antivirus check on the file.

10. IMSVA does not check for spoofed internal messages if the
    recipient is an IPv6 address.

11. SOCKS4 does not support IPv6.

12. The IBE server does not support connections with the IPv6 proxy
    server.

13. IP Profiler does not support IPv6.

14. Product license management does not support SOCKS connections with
    the IPv6 proxy server.

15. IMSVA detects Command & Control (C&C) email messages based on
    addresses only in the message header.

16. The IMSVA and Control Manager message counts for C&C email do not
    align. IMSVA counts all incoming and outgoing messages that
    trigger the filter, while Control Manager counts only outgoing
    messages.

17. If a message is deferred because of a Smart Scan query error,
    IMSVA incorrectly logs the action as postponed.

18. Smart Scan cannot fail over to Conventional Scan while in high
    availability mode.

19. DKIM signing identifies inbound or outbound email messages based
    on internal addresses, but DKIM signing does not regard LDAP
    groups as internal addresses. If you set internal addresses using
    an LDAP group, DKIM signing does not use this LDAP group for
    identifying inbound email messages.

20. When delivering an email message, IMSVA first sends the email
    message to the destination server with the highest priority. If
    the destination server returns a "4XX" or "5XX" error after being
    connected, IMSVA still considers the destination server available
    and sends the email message to it.

21. If the time zone setting on the IMSVA server is different from
    that on the database server, policy event logs cannot be queried.

22. When IMSVA delivers reports through email, users might be unable
    to access links in the reports if they use Microsoft Office 365 to
    check email messages.

23. On the IMSVA management console, the active navigation menu is
    highlighted after being clicked. In Microsoft Internet
    Explorer(TM) 9, the menu highlight color cannot be shown properly.

24. IMSVA rewrites URLs in email messages to provide time-of-click
    protection. If the email messages contain both URLs and Chinese
    characters in plain text, IMSVA extracts incorrect URLs and
    rewrites them improperly.

25. Each registered Activation Code matches a unique key. If an
    Activation Code has been registered to the Time-of-Click
    Protection service, it cannot be changed to another registered
    Activation Code because the matching key cannot change.

26. IMSVA rewrites URLs in email messages to provide time-of-click
    protection. If users forward or reply to those email messages
    after the URLs have been rewritten, IMSVA will check the URLs
    again. In this case, IMSVA is unable to extract the rewritten URLs
    from plain text, and a return error is recorded in message
    tracking logs. This error does not affect users.

8. Release History
========================================================================
- IMSS for Linux 5.7, November 2005
- IMSS for Windows 5.7, November 2005
- IMSS for Solaris(TM) 5.7, January 2006
- InterScan Messaging Security Appliance (IMSA) 1.0, August 2006
- IMSS for Linux 7.0, February 2007
- IMSS for Windows 7.0, April 2007
- IMSA 7.0, May 2007
- IMSS for Solaris 7.0, July 2007
- IMSS for Linux 7.0 Service Pack 1, October 2007
- IMSS for Windows 7.0 Service Pack 1, November 2007
- IMSA 7.0 Service Pack 1, January 2008
- IMSS for Solaris 7.0 Service Pack 1, February 2008
- IMSVA 7.0, September 2008
- IMSS for Linux 7.1, June 2009
- IMSS for Windows 7.1, November 2009
- IMSVA 8.0, September 2010
- IMSVA 8.2, September 2011
- IMSVA 8.2 Service Pack 1, July 2012
- IMSVA 8.2 Service Pack 2, December, 2012
- IMSVA 8.5, May 2013
- IMSVA 8.5 Service Pack 1, March 2014
- IMSVA 9.0, Oct 2014

9. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at
the following website:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
website.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:

http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link
in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

10. About Trend Micro
========================================================================
Trend Micro Incorporated, a global leader in Internet content security
and threat management, aims to create a world safe for the exchange of
digital information for businesses and consumers. A pioneer in
server-based antivirus with over 20 years experience, we deliver
top-ranked security that fits our customers' needs, stops new threats
faster, and protects data in physical, virtualized and cloud
environments. Powered by the Trend Micro Smart Protection Network(TM)
infrastructure, our industry-leading cloud-computing security
technology and products stop threats where they emerge, on the
Internet, and are supported by 1,000+ threat intelligence experts
around the globe. For additional information, visit
www.trendmicro.com.

Copyright 2016, Trend Micro Incorporated. All Rights Reserved.
Trend Micro, the t-ball logo, Smart Protection Network, InterScan,
Data Loss Prevention, and Control Manager are trademarks of Trend
Micro Incorporated and are registered in some jurisdictions. All other
marks are the trademarks or registered trademarks of their respective
companies.

11. License Agreements
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:

http://www.trendmicro.com/en/purchase/license/

Third-party licensing agreements can be viewed by:
- Selecting the "About" option on the management console