<> Trend Micro Incorporated January 20, 2021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ServerProtect(TM) for Linux(TM) 3.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at: http://docs.trendmicro.com TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents =================================================================== 1. About ServerProtect for Linux 3.0 2. What's New 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing ServerProtect for Linux 3.0 5.2 Removing ServerProtect for Linux 3.0 After the Trial Period 6. Post-installation Configuration 7. Known Issues 8. Release History 9. Contact Information 10. About Trend Micro 11. License Agreement =================================================================== 1. About ServerProtect for Linux ======================================================================== ServerProtect for Linux provides comprehensive protection against computer viruses/spyware, Trojans, worms, and other security risks for file servers based on the Linux operating system. Managed through an intuitive, portable web-based console or Linux command line console, ServerProtect provides centralized virus scanning, pattern updates, event reporting and antivirus configuration. 2. What's New ======================================================================== The following new features are available in ServerProtect for Linux 3.0: - Enables ServerProtect for Linux 3.0 to work on any version of VMware(R) ESX/ESXi running on any operating system supported by ServerProtect for Linux 3.0 - Support for x86_64 CPU Architecture - Support for platforms - Red Hat(TM) Enterprise Linux 6 (Workstation, Server, Client) - Support Microsoft(TM) Internet Explorer(TM) 9.0 - Support Mozilla(R) Firefox(R) 4 - Trend Micro Control Manager(TM) 5.5 support - Kernel Hook Module (KHM) open source licensed under GPL - Anti-spyware - Notification Icon and Pop-up Virus Information in the KDE desktop - Bypass password for local logon - Logon session control - Option to exclude OpenAFS network-mounted drives from scanning - SMTP authentication for sending email notifications - New "Summary" screen in the web console - Two new notification events: pattern update unsuccessful notification and malware action unsuccessful notification - Provide options to join the World Virus Tracking Program (WVTP) - Resolve conflict issue between auditd and KHM - Dynamic KHM debug log enabling/disabling - Bypass command for Real-time Scan To enable this feature: 1. Open "/opt/TrendMicro/SProtectLinux/tmsplx.xml". 2. Set "RealtimeExcludeCommand" to the commands needed to bypass. Separate multiple commands with ":". 3. Restart the ServerProtect for Linux service. - Manual/Scheduled Scan result mail notification To enable this feature: 1. Open "/opt/TrendMicro/SProtectLinux/tmsplx.xml". 2. Set "AlertInfectionFoundByMS" to "1". 3. Restart the ServerProtect for Linux service. - Timeout mechanism for registering to Control Manager To set the timeout value: 1. Open "/opt/TrendMicro/SProtectLinux/tmsplx.xml". 2. Set "CMRegistrationTimeout" to a positive number. 3. Restart the ServerProtect for Linux service. - Single file size limit for Manual/Scheduled Scan and Real-time Scan To enable this feature: 1. Open "/opt/TrendMicro/SProtectLinux/tmsplx.xml". 2. For Real-time Scan, set "RealtimeNotScanSize" to a value in megabytes. For Manual/Scheduled Scan, set "OnDemandNotScanSize" to a value in megabytes. 3. Restart the ServerProtect for Linux service. Please refer to the "Getting Started Guide" or "Administrator's Guide" for details. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ServerProtect. To access the Online Help, go to http://docs.trendmicro.com - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ServerProtect. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get ServerProtect "up and running". - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ======================================================================== ServerProtect for Linux requires the following hardware and software specifications on the computers where it is installed: Processor ~~~~~~~~~ - Intel(TM) Pentium(TM) II or higher - AMD(TM) Athlon(TM) or higher NOTE: This version of ServerProtect supports Intel processors with Intel 64 architecture and AMD processors with AMD64 technology. Intel Itanium architecture is not supported. Memory ~~~~~~ 512MB or more (1GB recommended for application/file servers) Disk space ~~~~~~~~~~ - 300MB for the "/opt" directory - 300MB for the "/tmp" directory Linux Distributions and Kernels ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Red Hat Enterprise Linux 6 (i686 and x86_64) - 2.6.32-71.18.2.el6.i686.i686 - 2.6.32-71.el6.i686.i686 - 2.6.32-71.18.2.el6.x86_64 - 2.6.32-71.el6.x86_64 NOTE: Real-time Scan is disabled if you do not have the appropriate KHM installed for your operating system. If the KHM is not included in the package, please check the Trend Micro web site for other officially released KHMs: http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval =111®s=NABU&lang_loc=1 NOTE: You can also build the KHM on your Linux system using the open-source code included in the ServerProtect installation package. Trend Micro does not provide support for the KHM you built yourself. For detailed instructions on building and installing a KHM, refer to the INSTALL file in the "/opt/TrendMicro/SProtectLinux/SPLX.module/scr/module" directory or the appendix in the Getting Started Guide. Warning: During the KHM build process, some Linux computers may experience a kernel panic or system hang. Thus, Trend Micro recommends you perform these operations on a test computer. Web Browsers ~~~~~~~~~~~~ - Internet Explorer 5.5 with Service Pack 2 or higher - Mozilla 1.7 or higher - Firefox 1.0 or higher - Microsoft Edge 93.0 or higher - Google Chrome 93.0 or higher NOTE: To use a Mozilla web browser to access the ServerProtect web console, you must also install Sun Microsystem(TM) Java(TM) Runtime Environment 1.4.2_01. If the Java Runtime Environment is not installed, the password encryption feature for proxy, Trend Micro Control Manager or SMTP server password settings will not work. X Window for Quick Access console ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ KDE 3.3 or higher NOTE: The Quick Access console is available only when you are logged on as root. Control Manager ~~~~~~~~~~~~~~~ - Control Manager 5.0 with Hotfix B1797 - Control Manager 5.5 5. Installation ======================================================================== NOTE: Before you install ServerProtect on your Linux computer, make sure the following dependent packages are installed (The package version may change in future RHEL6 release): - glibc-2.12-1.7.el6.i686 - zlib-1.2.3-25.el6.i686 - compat-libstdc++-296-2.96-144.el6.i686 - libuuid-2.17.2-6.el6.i686 - nss-softokn-freebl-3.12.7-1.1.el6.i686 - libgcc-4.4.4-13.el6.i686 5.1 Installing ServerProtect for Linux 3.0 ===================================================================== To install ServerProtect for Linux 3.0: 1. Log on as a root user. 2. From the directory containing the ServerProtect installation files, type the following at the command line: ./SProtectLinux-3.0.bin TIP: For details on command options, type ./SProtectLinux-3.0.bin -h at the command line. NOTE: To install ServerProtect with Real-time Scan disabled, use the -n option. After the installation is complete, set the value of the RealtimeScan parameter to "0" in the "tmsplx.xml" configuration file and restart the ServerProtect service. For more information, refer to the "Getting Started Guide". The installer extracts and installs the required files to appropriate locations on Linux system. After the installation, you can access the ServerProtect web console from the following URLs: http://:14942/ or https://:14943/ If you access ServerProtect through the web console, verify that ports 14942 and 14943 are open on the Linux system. Evaluation Version ~~~~~~~~~~~~~~~~~~ An Activation Code (also called a serial number) is required to enable scanning and product updates. You can activate ServerProtect during Setup or anytime thereafter. See the "Registering and Activating ServerProtect" topic in the ServerProtect online help for details. Important: Trend Micro recommends that you set your logon password as soon as you install ServerProtect. There is no default password. NOTE: To install ServerProtect on multiple computers, use the "RemoteInstall" program. Please refer to the "Installation" chapter of the "Getting Started Guide" for details. 5.2 Removing ServerProtect for Linux 3.0 After the Trial Period ===================================================================== To remove ServerProtect: 1. Log on as a root user. 2. Type the following at the command line: rpm -e SProtectLinux The command above command automatically stops the ServerProtect service, and removes the application. 6. Post-installation Configuration ======================================================================== 6.1 Verifying Real-time Scan Status ===================================================================== To ensure that Real-time Scan is properly activated and that it starts properly on kernel-dependent installations, log onto the ServerProtect web console and check the Real-time Scan settings after installing the product. 6.2 Initiating Automatic Update on Control Manager ===================================================================== After you have registered ServerProtect to Control Manager, you must configure settings on the Control Manager server to initiate automatic component update on the ServerProtect computer. To initiate automatic update from Control Manager: 1. Make sure you have successfully registered ServerProtect to Control Manager. 2. Log onto the Control Manager web console and select "Product Programs" in the "Manual Download" or "Scheduled Download" screen. 3. From Control Manager, perform a component update. NOTE: Trend Micro recommends updating the scan engine and virus/spyware pattern files immediately after installing the product. 7. Known Issues ======================================================================== Here are the known issues in this release. 7.1 When selinux is running at the same time, ServerProtect may not function properly ===================================================================== The ServerProtect service may conflict with the selinux service on your Linux system. 7.2 ServerProtect Real-time Scan cannot resolve full file paths in chroot environments ===================================================================== ServerProtect Real-time Scan cannot resolve full file paths in chroot environments. If users want to scan or exclude the chroot file paths, please check the relative file paths after chroot and add these to the Real-time Scan directories or Real-time Scan exclusion lists. 7.3 Cannot open online help window in Internet Explorer 7.0 or above ===================================================================== By default, Internet Explorer 7.0 blocks all pop-up windows, including the online help screens. To resolve this issue, please allow pop-up windows for the ServerProtect "Help menu" in Internet Explorer 7.0. 7.4 Setting "UserLevelDebug" to "5" for ServerProtect causes the system to hang after restarting. ===================================================================== On x86_64 platforms, after setting "UserLevelDebug" to "5" (the highest debug level) and restarting the computer, the system hangs. To resolve this issue, add "/var/log" in the Real-time Scan exclusion list. Make sure the debug log file(s) is located in the "/var/log" directory. NOTE: You must restart syslog before restarting the ServerProtect service when you want to enable debug logging. To disable debug logging, you must restart the ServerProtect service before restarting syslog. You need to restart the syslog service immediately after you modify the "syslog.conf" file when you enable debug logging. 7.5 ServerProtect KHM conflicts with Trend Micro InterScan(TM) VirusWall(TM) 6.0 on RHEL4 platforms ===================================================================== If you have InterScan VirusWall 6.0 or above installed on the same computer on which you have also installed ServerProtect, you will not be able to stop the ServerProtect service successfully. To solve this problem, stop FTP scanning on InterScan Virus first before you stop the ServerProtect service. 7.6 Users need to manually configure to enable Single Sign-On (SSO) to work in a Network Address Translation (NAT) environment ===================================================================== When registering ServerProtect to a Control Manager server through NAT, you cannot access the ServerProtect web console using SSO. To resolve this issue: 1. Add a port forwarding rule on your NAT device. 2. Set the "IPAddressList" key value in the "/opt/TrendMicro/ SProtectLinux/Agent.ini" file to the IP address of the public interface on the NAT device. 3. Open the "/opt/TrendMicro/SProtectLinux/Product.ini" file and set the "ProtocolName" parameter to either "http" or "https" and the port number to "14942" or "14943" respectively to configure port forwarding in a NAT-enabled network. 4. Restart the ServerProtect service. After the configuration, you should be able to access the ServerProtect web console through SSO. 7.7 Unable to start the VNC server on x86_64 Linux platforms after installing ServerProtect ===================================================================== On x86_64 Linux platforms, users cannot start the VNC server after installing ServerProtect. This issue is not reported on i686 Linux platforms. To resolve this issue on RHEL6: 1. Disable Real-time Scan in ServerProtect by typing "./splxmain -x" in the "/opt/TrendMicro/SProtectLinux/SPLX.vsapiapp/" directory. 2. Start the VNC server. 3. Start Real-time Scan by typing "./splxmain -v" in the "/opt/TrendMicro/SProtectLinux/SPLX.vsapiapp/" directory. 7.8 ServerProtect Real-time Scan does not scan files in NFS shared folders when the files are operated by NFS clients ===================================================================== When installed on an NFS server, ServerProtect Real-time Scan does not scan files in NFS shared folders for viruses when the files are operated by NFS clients. Once a file operation is performed on the NFS server, ServerProtect Real-time Scan will scan the files for viruses. 7.9 Unable to configure the action to unscannable files ===================================================================== In section 1-3 of the "Administrator's Guide", under "Password Protected/Encrypted Files", it states that you can configure the action to unscannable files. However, you cannot configure this action. The action for all unscannable files is "pass" and there is no system log for it. 7.10 The tray-icon of ServerProtect for Linux may not start even in a KDE desktop environment. ===================================================================== To reduce the dependency of the ServerProtect for Linux package, the dependency of the tray-icon binary (virus_catch_monitor) is not checked during installation. "virus_catch_monitor" is a 32-bit binary which has some dependency on some 32-bit libraries. These libraries may not be installed on RHEL6 x86_64 platform by default. So there is a possibility that the virus tray-icon will not start. To solve the issue: 1. Verify if the following packages are installed (the package version may change in future releases of RHEL6): - gtk2-2.18.9-4.el6.i686 - atk-1.28.0-2.el6.i686 - pango-1.28.1-3.el6.i686 - libstdc++-4.4.4-13.el6.i686 - libX11-1.3-2.el6.i686 - libXfixes-4.0.4-1.el6.i686 - cairo-1.8.8-3.1.el6.i686 - fontconfig-2.8.0-3.el6.i686 - libXext-1.1-3.el6.i686 - libXrender-0.9.5-1.el6.i686 - libXinerama-1.1-1.el6.i686 - libXi-1.3-3.el6.i686 - libXrandr-1.3.0-4.el6.i686 - libXcursor-1.1.10-2.el6.i686 - libXcomposite-0.4.1-2.el6.i686 - libXdamage-1.1.2-1.el6.i686 - libpng-1.2.44-1.el6.i686 - libXft-2.1.13-4.1.el6.i686 - freetype-2.3.11-5.el6.i686 - libxcb-1.5-1.el6.i686 - pixman-0.16.6-1.el6.i686 - libselinux-2.0.94-2.el6.i686 - expat-2.0.1-9.1.el6.i686 - libXau-1.0.5-1.el6.i686 2. Restart the ServerProtect for Linux service. 7.11 The "execve" hook in ServerProtect service conflicts with the selinux service on RHEL6 x86_64 platforms. ===================================================================== To support "execve" hook on 2.6.32 x86_64 kernels, ServerProtect for Linux uses the Linux Security Module (LSM) to perform the execve hook. A conflict may occur under this situation because the kernel only allows one LSM module to register at a time. To resolve this issue, stop the selinux service before installing or running ServerProtect. To stop the service: 1. Open "/etc/selinux/config". 2. Set "SELINUX=disabled". 3. Restart your computer. 7.12 ServerProtect for Linux is not compatible with UEFI Secure Boot. ===================================================================== If UEFI Secure Boot is enabled, KHM will not load properly. To work around this issue, disable the UEFI Secure Boot feature before installing ServerProtect, or use a signed KHM. To use a signed KHM: 1. Sign the KHM by following the corresponding procedure for signing a kernel module on your operating system. 2. Stop the ServerProtect for Linux service. 3. Copy the signed KHM to the "/opt/TrendMicro/SProtectLinux/SPLX.module/" folder. 4. Start the ServerProtect for Linux service. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 9. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 10. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2021, Trend Micro Incorporated. All rights reserved. Trend Micro, ServerProtect, Control Manager, InterScan, VirusWall, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 11. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the "Administrator's Guide"