<> Trend Micro Incorporated January 20, 2021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ServerProtect(TM) for Linux(TM) Version 3.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at: http://docs.trendmicro.com TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents =================================================================== 1. About ServerProtect for Linux 2. What's New 3. Document Set 4. Recommended System Requirements 5. Installation 5.1 Removing ServerProtect After Evaluation Period 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Contact Information 10. About Trend Micro 11. License Agreement =================================================================== 1. About ServerProtect for Linux ======================================================================== Trend Micro ServerProtect for Linux provides comprehensive protection against computer viruses/spyware, Trojans, worms, and other security risks for file servers based on the Linux operating system. Managed through an intuitive, portable Web-based console or Linux command line console, ServerProtect provides centralized virus scanning, pattern updates, event reporting and antivirus configuration. 2. What's New ======================================================================== The following new features are available in ServerProtect for Linux version 3.0: - Support for x86_64bit CPU Architecture - Support for new platforms - CentOS4, CentOS5, SLES11/SLED11 (i686,X86_64) - Support the latest kernel versions for CentOS4(i686, x86_64) and CentOS5(i686, x86_64), SLES11(i686, x86_64) - Support for Microsoft(TM) Internet Explorer(TM) 8.0 - Kernel Hook Module (KHM) open source licensed under GPL - Anti-spyware - Notification Icon and Pop-up Virus Information in the KDE desktop - Bypass password for local logon - Logon session control - Option to exclude OpenAFS network-mounted drives from scanning - SMTP authentication for sending email notifications - New Summary screen in the web console - Two new notification events: pattern update unsuccessful notification and malware action unsuccessful notification - Provide options to join the World Virus Tracking Program (WVTP) - Resolve conflict issue between auditd and KHM - Dynamic khm debug log enabling/disabling - Bypass command for real time scan temporarily #echo "command name" > /proc/splx/command_exclusion For example: If you don't want realtime to scan "httpd" and "postfix", you can execute #echo httpd postfix > /proc/splx/command_exclusion NOTES: - Run the command only after applying the new KHM built from KHM source code contained in the installation directory. - The command list will reset when vsapiapp restarts. - Manual/Schedule scan result mail notification To enable this feature: 1. Open "/opt/TrendMicro/SProtectLinux/tmsplx.xml" 2. Set "AlertInfectionFoundByMS" to "1". 3. Restart the splx service. - Timeout mechanism for registering to Trend Micro Control Manager(TM). To set the timeout value: 1. Open "/opt/TrendMicro/SProtectLinux/tmsplx.xml" 2. Set "CMRegistrationTimeout" to a positive number. 3. Restart the splx service. Please refer to the "Getting Started Guide" or "Administrator's Guide" for details. 3. Document Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ServerProtect. To access the Online Help, go to http://docs.trendmicro.com - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ServerProtect. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get ServerProtect "up and running". - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. Recommended System Requirements ======================================================================== ServerProtect for Linux requires the following hardware and software specifications on the computers where it is installed: Processor ~~~~~~~~~ - Intel(TM) Pentium(TM) II or higher - AMD(TM) Athlon(TM) or higher NOTE: This version of ServerProtect supports Intel processors with Intel 64 architecture and AMD processors with AMD64 technology. Intel Itanium architecture is not supported. Memory ~~~~~~ 512MB or more (1GB recommended for application/file servers) Disk space ~~~~~~~~~~ - 250MB for the /opt directory - 250MB for the /tmp directory Linux Distributions and Kernels ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - CentOS 4 (i686 and x86_64): - 2.6.9-89.0.19.EL i686 - 2.6.9-89.0.19.ELsmp i686 - 2.6.9-89.0.19.EL x86_64 - 2.6.9-89.0.19.ELsmp x86_64 - CentOS 5 (i686 and x86_64) - 2.6.18-164.11.1.el5 i686 - 2.6.18-164.11.1.el5PAE i686 - 2.6.18-164.11.1.el5xen i686 - 2.6.18-164.11.1.el5 x86_64 - 2.6.18-164.11.1.el5xen x86_64 - SUSE(TM) Linux Enterprise 11 (Server or Desktop) (i686 and x86_64) - 2.6.27.42-0.1.1-default i686 - 2.6.27.42-0.1.1-xen i686 - 2.6.27.42-0.1.1-pae i686 - 2.6.27.42-0.1.1-default x86_64 - 2.6.27.42-0.1.1-xen x86_64 NOTE: Real-time Scanning is disabled if you do not have the appropriate Kernel Hook Module (KHM) installed for your operating system. If the KHM is not included in the package, please check the Trend Micro Web site for other officially released KHMs: http://www.trendmicro.com/download/kernel.asp?prodid=20 NOTE: You can also build the KHM on your Linux system using the open-source code included in the ServerProtect installation package. Trend Micro does not provide support for the KHM you built yourself. For detailed instructions on building and installing a KHM, refer to the INSTALL file in the "/opt/TrendMicro/SProtectLinux/SPLX.module/scr/module" directory or the appendix in the Getting Started Guide. WARNING: During the KHM build process, some Linux computers may experience a kernel panic or system hang. Thus, Trend Micro recommends you perform these operations on a test computer. Web Browsers ~~~~~~~~~~~~ - Internet Explorer 5.5 with Service Pack 2 or higher - Mozilla(TM) 1.7 or higher - Mozilla Firefox(TM) 1.0 or higher - Microsoft Edge 93.0 or higher - Google Chrome 93.0 or higher NOTE: To use a Mozilla Web browser to access the ServerProtect web console, you must also install Sun Microsystem(TM) Java(TM) Runtime Environment 1.4.2_01. If the Java Runtime Environment is not installed, the password encryption feature for proxy, Trend Micro Control Manager or SMTP server password settings will not work. X Window for Quick Access console ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ KDE 3.3 or higher NOTE: The Quick Access console is available only when you are logged on as root. Trend Micro Control Manager ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro Control Manager 3.5 with Patch 3 or above Trend Micro Control Manager 5.0 with Hotfix B1797 5. Installation ======================================================================== NOTE: Before you install ServerProtect on your Linux computer, make sure the following dependent libraries are installed: - gtk2 - pango - atk For CentOS, make sure the other dependent libraries are installed: - compat-libstdc++-296 You must be logged on as root to install ServerProtect. To install ServerProtect for Linux version 3.0: 1. From the directory containing the ServerProtect installation files, type the following at the command line: ./SProtectLinux-3.0.bin TIP: For details on command options, type ./SProtectLinux-3.0.bin -h at the command line. NOTE: To install ServerProtect with Real-time Scan disabled, use the -n option. After the installation is complete, set the value of the "RealtimeScan" parameter to "0" in the "tmsplx.xml" configuration file and restart the ServerProtect service. For more information, refer to the "Getting Started Guide". 2. The installer extracts and installs the required files to appropriate locations on Linux system. After the installation, you can access the ServerProtect Web console from the following URLs: http://:14942/ or https://:14943/ If you access ServerProtect through the Web console, verify that ports 14942 and 14943 are open on the Linux system. Evaluation Version ~~~~~~~~~~~~~~~~~~ An Activation Code (also called a serial number) is required to enable scanning and product updates. You can activate ServerProtect during Setup or anytime thereafter. See the "Registering and Activating ServerProtect" topic in the ServerProtect online help for details. IMPORTANT: Trend Micro recommends that you set your logon password as soon as you install ServerProtect. There is no default password. NOTE: To install ServerProtect on multiple computers, use the "RemoteInstall" program. Please refer to the Installation chapter of the Getting Started Guide for details. 5.1 Removing ServerProtect After Evaluation Period ===================================================================== To remove ServerProtect for Red Hat and SUSE platforms, log on as root and type the following at the command line: rpm -e SProtectLinux The above command automatically stops the ServerProtect service, and removes the application. 6. Post-Installation Configuration ======================================================================== 6.1 Verifying Real-time Scan Status ===================================================================== To ensure that Real-time Scan is properly activated and that it starts properly on kernel-dependent installations, log onto the ServerProtect Web console and check the Real-time Scan settings after installing the product. NOTE: Trend Micro recommends updating the scan engine and virus/ spyware pattern files immediately after installing the product. 6.2 Initiating Automatic Update on Control Manager ===================================================================== After you have registered ServerProtect to Control Manager, you must configure settings on the Control Manager server to initiate automatic component update on the ServerProtect computer. To initiate automatic update from Control Manager: 1. Make sure you have successfully registered ServerProtect to Control Manager. 2. Log onto the Control Manager Web console and select Product Programs in the Manual Download or Scheduled Download screen. 3. From Control Manager, perform a component update. 7. Known Issues ======================================================================== Here are the known issues in this release. 7.1 When selinux is running at the same time, ServerProtect may not function properly ===================================================================== The ServerProtect service may conflict with the selinux service on your Linux system. To resolve this issue, stop the selinux service before installing or running ServerProtect. 7.2 ServerProtect Real-time Scan cannot resolve full file paths in chroot environments ===================================================================== ServerProtect Real-time Scan cannot resolve full file paths in chroot environments. If users want to scan or exclude the chroot file paths, please check the relative file paths after chroot and add them to the Real-time Scan directories or Real-time Scan exclusion lists. 7.3 Cannot open online help window in Internet Explorer 7.0 or above ===================================================================== By default, Internet Explorer 7.0 blocks all pop-up windows, including the online help screens. To resolve this issue, please allow pop-up windows for the ServerProtect "Help menu" in Internet Explorer 7.0. 7.4 Setting UserLevelDebug to 5 for ServerProtect causes the system to hang after reboot ===================================================================== On SLES11 x86_64 platforms, after setting "UserLevelDebug" to "5" (the highest debug level) and rebooting the computer, the system hangs. To resolve this issue, add "/var/log" in the Real-time Scan exclusion list. Make sure the debug log file(s) is located in the /var/log directory. Also note that you must restart syslog before restarting the ServerProtect service when you want to enable debug logging. When disabling debug logging, you must restart the ServerProtect service before restarting syslog. NOTE: For Red Hat Linux on x86 system, restart the syslog service immediately after you have modified the "syslog.conf" file when you enable debug logging. 7.5 ServerProtect KHM conflicts with ISVW 6.0 on RHEL4 platforms ===================================================================== If you have InterScan VirusWall (ISVW) 6.0 or above installed on the same computer on which you have also installed ServerProtect, you will not be able to stop the ServerProtect service successfully. To solve this problem, stop FTP scanning on ISVW first before you stop the ServerProtect service. 7.6 Users need to manually configure to enable Single Sign-On (SSO) to work in a Network Address Translation (NAT) environment ===================================================================== When registering ServerProtect to a Control Manager server through NAT, you cannot access the ServerProtect Web console using SSO. To resolve this issue: 1. Add a port forwarding rule on your NAT device. 2. Set the IPAddressList key value (in the /opt/TrendMicro/SProtectLinux/Agent.ini file) to the IP address of the public interface on the NAT device. 3. Change the Product.ini file in the /opt/TrendMicro/SProtectLinux/ directory. Set the ProtocolName parameter to http or https. Then set the port number to 14942 or 14943 respectively to configure port forwarding in a NAT-enabled network. 4. Restart the ServerProtect service. After the configuration, you should be able to access the ServerProtect web console through SSO. 7.7 Unable to start VNC server on x86_64 Linux platforms after installing ServerProtect ===================================================================== On x86_64 Linux platforms, users cannot start the VNC server after installing ServerProtect. This issue is not reported on the i686 Linux platforms. To resolve this issue on SLES11: 1. Disable Real-time Scan in ServerProtect by typing "./splxmain -x" in the "/opt/TrendMicro/SProtectLinux/SPLX.vsapiapp/" directory. 2. Start VNC server. 3. Start Real-time Scan by typing "./splxmain -v" in the "/opt/TrendMicro/SProtectLinux/SPLX.vsapiapp/" directory. 7.8 ServerProtect Real-time Scan does not scan files in NFS shared folders when the files are operated by NFS clients ===================================================================== When installed on an NFS server, ServerProtect Real-time Scan does not scan files in NFS shared folders for viruses when the files are operated by NFS clients. Once a file operation is performed on the NFS server, ServerProtect Real-time Scan will scan the files for viruses. 7.9 Unable to configure the action to unscannable files ===================================================================== In page 18 of the Administrator's Guide, under "Password Protected/ Encrypted Files", it states that you can configure the action to unscannable files. However, you cannot configure this action. The action for all unscannable files is pass and there is no system log about it. 7.10 ServerProtect for Linux is not compatible with UEFI Secure Boot. ===================================================================== If UEFI Secure Boot is enabled, KHM will not load properly. To work around this issue, disable the UEFI Secure Boot feature before installing ServerProtect, or use a signed KHM. To use a signed KHM: 1. Sign the KHM by following the corresponding procedure for signing a kernel module on your operating system. 2. Stop the ServerProtect for Linux service. 3. Copy the signed KHM to the "/opt/TrendMicro/SProtectLinux/SPLX.module/" folder. 4. Start the ServerProtect for Linux service. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 9. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 10. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2021, Trend Micro Incorporated. All rights reserved. Trend Micro, ServerProtect, Control Manager, InterScan, VirusWall, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 11. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the "Administrator's Guide"