Trend Micro Incorporated                                  March 22, 2024
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan(TM) Messaging Security Virtual Appliance 9.1
Build 1600
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However, all
customers are advised to check Trend Micro's website for documentation
updates at:

http://docs.trendmicro.com

TIP: Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro website. Register during installation or online at:

https://clp.trendmicro.com/FullRegistration?T=TM

Contents
=========================================================
   1. About InterScan Messaging Security Virtual Appliance
   2. What's New
   3. Documentation Set
   4. System Requirements
   5. Installation
      5.1 Installing
      5.2 Uninstalling
   6. Post-Installation Configuration
   7. Known Issues
   8. Release History
   9. Contact Information
   10. About Trend Micro
   11. License Agreement
=========================================================

1. About InterScan Messaging Security Virtual Appliance
========================================================================
InterScan Messaging Security Virtual Appliance (IMSVA) integrates
multi-tiered spam prevention and anti-phishing with award-winning
antivirus and antispyware. Content filtering enforces compliance and
prevents data leakage. This easy-to-deploy appliance is delivered on a
highly scalable platform with centralized management, providing easy
administration. Optimized for high performance and continuous security,
the appliance provides comprehensive gateway email security.

2. What's New
========================================================================
IMSVA 9.1 includes the following new features and enhancements:

   2.1 Syslog Integration
   =====================================================================
   To provide enterprise-class logging capabilities, IMSVA supports
   sending logs through the syslog protocol to multiple external syslog
   servers in a structured format. On the IMSVA management console, you
   can add, delete, import and export syslog servers.

   2.2 Multiple Virtual Analyzer Servers
   =====================================================================
   To achieve better load balance and failover capabilities, IMSVA
   allows you to add multiple servers for Virtual Analyzer. You can also
   enable, disable and delete Virtual Analyzer servers on the IMSVA
   management console.

   2.3 SMTP Traffic Throttling
   =====================================================================
   SMTP Traffic Throttling blocks connections or messages from a single
   IP address or sender for a certain time when the number of messages
   reaches the specified maximum.

   2.4 Audit Log Support
   =====================================================================
   As an enhanced log category of system events, "Audit log" replaces
   "Admin activity" on the IMSVA management console. Audit logs record
   various administrator operations and provide a way to query
   activities of specified administrator accounts.

   2.5 Enhanced Queue Management
   =====================================================================
   IMSVA uses mail transfer agent (MTA) queues to store messages that
   just arrived, messages ready to be delivered to the next MTA,
   messages deferred due to delivery failure, and messages kept on hold
   for later manual delivery. Specific actions can be taken on the
   messages in MTA queues.

   2.6 Enhanced Smart Protection
   =====================================================================
   IMSVA supports both Trend Micro Smart Protection Network and Smart
   Protection Server as smart protection sources. Smart Protection
   Servers are supported to localize smart protection services to the
   corporate network to reduce outbound traffic and optimize efficiency.

   2.7 External Database Support
   =====================================================================
   IMSVA allows you to use not only the internal but also external
   PostgreSQL database as the admin database or the End-User Quarantine
   (EUQ) database.

   2.8 Time-of-Click Protection
   =====================================================================
   IMSVA provides time-of-click protection against malicious URLs in
   email messages. If you enable Time-of-Click Protection, IMSVA
   rewrites URLs in email messages for further analysis. Trend Micro
   analyzes those URLs at the time of click and will block them if they
   are malicious.

   2.9 Connected Threat Defense
   =====================================================================
   Configure IMSVA to subscribe to the suspicious object lists on the
   Trend Micro Control Manager(TM) server. Using the Control Manager
   console, you can specify customized actions for objects detected by
   the suspicious object lists to provide custom defense against threats
   identified by endpoints protected by Trend Micro products specific to
   your environment.

   Control Manager facilitates the investigation of targeted attacks and
   advanced threats using suspicious objects. Files and URLs that have
   the potential to expose systems to danger or loss will be detected.

   2.10 DomainKeys Identified Mail (DKIM) Signature
   =====================================================================
   IMSVA supports adding DKIM signatures to outgoing email messages. On
   the IMSVA management console, you can add or delete DKIM signatures
   and import or export DKIM signature files.

   2.11 Report Delivery Through Email
   =====================================================================
   IMSVA allows you to send newly generated reports and archived reports
   through email. Detailed views of reports will be included.

   2.12 Keyword and Expression Enhancement
   =====================================================================
   To improve visibility of triggered keywords and expressions, the
   entity name (where the keyword expression appears in a message) and
   the matched expressions now appear in the policy event log query
   details page. Administrators can also add a description to new
   keyword expressions for better tracking.

   2.13 Attachment Names Supported by Message Tracking Logs
   =====================================================================
   Message tracking logs include attachment names as a new attribute.
   Multiple attachment names can be specified to query message tracking
   logs.

   2.14 Logon Notice Support
   =====================================================================
   Customizable logon notices are available both on the administrator
   logon page and EUQ logon page.

   2.15 Quarantine Event Summary
   =====================================================================
   IMSVA provides quarantine event logs and reports for you to learn
   information about quarantine events, for example, the percentage of
   release events in all the quarantine events.

   2.16 LDAPS Support
   =====================================================================
   IMSVA supports LDAP over SSL (LDAPS) that provides you a secure and
   encrypted channel to communicate with LDAP servers.

   2.17 Ransomware Detection
   =====================================================================
   IMSVA gives you more visibility on ransomware detected by IMSVA. You
   can either query ransomware detections in logs or add a widget for
   ransomware detections on the dashboard.

   2.18 Virtual Analyzer Integration Improvement
   =====================================================================
   IMSVA allows you to define rules to send email messages with
   specified attachment names or extensions to Virtual Analyzer for
   analysis.

3. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

In addition to this Readme file, the documentation set for this product
includes the following:

- Online Help: The Online Help contains an overview of features and key
  concepts, and information on configuring and maintaining IMSVA.

  To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains information
  on requirements and procedures for installing and deploying IMSVA.

- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on configuring
  and maintaining IMSVA.

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues.

  To access the Support Portal, go to http://esupport.trendmicro.com

4. System Requirements
========================================================================

   4.1 Operating System
   =====================================================================
   A standard CentOS(TM) Linux(TM) operating system is contained within
   IMSVA.

   4.2 Hardware Requirements for Bare Metal Server
   =====================================================================
   Recommended System Requirements

   - 8-core Intel(TM) Xeon(TM) processor or equivalent
   - 8 GB RAM
   - 250 GB hard disk space or more. IMSVA automatically partitions the
     detected disk space based on recommended Linux practices.
   - Monitor that supports 800 x 600 resolution with 256 colors or
     higher

   Minimum System Requirements

   - Dual-core Intel Xeon processor or equivalent
   - 4 GB RAM
   - At least 120 GB hard disk space. IMSVA automatically partitions the
     detected disk space based on recommended Linux practices.
   - Monitor that supports 800 x 600 resolution with 256 colors or
     higher

   To obtain a list of Trend Micro certified servers that are guaranteed
   to be compatible with IMSVA, access the following URL:

   http://www.trendmicro.com/go/certified

   To obtain a list of available platforms that should operate with
   IMSVA, access the following URL:

   http://wiki.centos.org/HardwareList

   4.3 System Requirements for VMware
   =====================================================================
   Recommended Virtual Machine Requirements and System Settings

   - 8-core Intel Xeon processor or equivalent
   - 8 GB RAM
   - 250 GB of disk space or more. IMSVA automatically partitions the
     detected disk space based on recommended Linux practices.

   Minimum Virtual Machine Requirements and System Settings

   - Dual-core Intel Xeon processor or equivalent
   - 4 GB RAM
   - 120 GB disk space. IMSVA automatically partitions the detected disk
     space based on recommended Linux practices.

   Platforms Supported

   - VMware ESXi 5.0 Update 3
   - VMware ESXi 5.5 Update 2
   - VMware ESXi 6.0
   - VMware ESXi 6.5
   - VMware ESXi 6.7
   - VMware ESXi 7.0
   - VMware ESXi 8.0
   - Microsoft(TM) Windows(TM) Server 2008 R2 Service Pack 1 with
     Hyper-V(TM)
   - Windows Server 2012 with Hyper-V
   - Windows Server 2012 R2 with Hyper-V
   - Microsoft Hyper-V Server 2008 R2 Service Pack 1
   - Microsoft Hyper-V Server 2012 R2
   - Microsoft Hyper-V Server 2016
   - Microsoft Hyper-V Server 2019
   - Microsoft Hyper-V Server 2022

   4.4 Application Requirements
   =====================================================================
   To connect to the IMSVA Command Line Interface (CLI) console, use an
   SSH communications application.

   Browser

   - Microsoft Internet Explorer 9, 10, or 11, Edge 31 or higher, Edge
     (Chromium) 95.0.1020.53 or higher
   - Mozilla(R) Firefox(R) 45

   To access the IMSVA management console, use the following URL:

   https://[IMSVA IP Address]:8445

   LDAP Server

   - Microsoft Active Directory 2008 R2, 2012, 2012 R2, 2016, 2022
   - IBM Lotus Domino 8.0, 8.5, or 9.0
   - Sun One LDAP 5.2 or above
   - OpenLDAP 2.4.23

   Control Manager

   - Version 5.5 Service Pack 1 Patch 4
   - Version 6.0 Service Pack 3 Patch 1 Hotfix 3262
   - Version 7.0

   Apex Central

   - Version 2019 Patch 8 Hotfix 6729

   NOTE: To enable support for Version 7.0, you must install IMSVA 9.1
         Patch 1 with Hotfix 1690 or any later build.

5. Installation
========================================================================
You can install a fresh version of IMSVA 9.1 or upgrade from a specific
InterScan Messaging Security product.

The configuration and policy information for the following product
versions can be migrated to IMSVA 9.1:

- IMSVA 9.0 Patch 2
- IMSVA 8.5 Service Pack 1 Patch 1
- IMSVA 8.2 Service Pack 2 Patch 1
- IMSVA 8.0 Patch 2
- InterScan Messaging Security Suite (IMSS) 7.5 Windows Patch 1
- IMSS 7.1 Windows Patch 3
- IMSS 9.1 Linux
- IMSS 7.1 Linux Service Pack 2 Patch 1
- IMSS 7.0 Solaris Service Pack 1 Patch 4

Inline upgrade from IMSVA 9.0 Patch 1 to IMSVA 9.1 is supported in this
release.

   5.1 Installing
   =====================================================================
   For installation instructions, see the IMSVA 9.1 Installation Guide.

   By default, the IMSVA server is not an open relay after installation.

   If you activate SPS, SPS scanning is enabled by default. Activating
   SPS also activates IP Filtering. You can enable or disable IP
   Filtering later from the IMSVA management console.

   NOTE: The IMSVA 9.1 official release does not support upgrade from
         the IMSVA 9.1 Beta release, but supports migration of Beta
         release configurations.

   5.2 Uninstalling
   =====================================================================
   No special uninstallation instructions are provided.

6. Post-Installation Configuration
========================================================================
After successful installation of IMSVA, Trend Micro recommends
performing the following post-installation configuration tasks:

1. Register and activate IMSVA.
2. Configure user accounts.
3. Download the latest components to enhance security protection.
4. Configure policies and policy notifications.

For details on these tasks, see the IMSVA 9.1 Administrator's Guide.

NOTES:

- Connection to Cloud Pre-Filter requires port 9000 to be open. If the
  ActiveUpdate proxy is specified on the IMSVA management console, the
  proxy server requires port 9000 to be open.
- Trend Micro recommends that you update your scan engine and virus
  pattern files immediately after installing the product.

7. Known Issues
========================================================================
The following list outlines the known issues in this release:

   7.1 Log Queries
   =====================================================================
   If the Cloud Pre-Filter deletes an email message with no subject, and
   a user queries that email message on the management console, the logs
   display "??" in the subject line.

   7.2 LDAP Admin Accounts
   =====================================================================
   Users cannot use the Down-Level Logon Name format, for example,
   "DOMAIN\UserName", to create LDAP admin accounts. IMSVA accepts only
   accounts that contain a User Principal Name (UPN).

   7.3 Subject Line Information Format Conversion
   =====================================================================
   The following issues occur if IMSVA cannot convert the subject line
   text to UTF-8:

   - The logs display garbled text.
   - IMSVA quarantines the email message and the Subject field displays
     the message "Unsupported charset non-UTF-8" if a user attempts to
     view the email message through the management console.

   NOTE: IMSVA attempts to convert characters to UTF-8 whenever the
         Subject line:

         - Does not contain character set information
         - Contains special characters (such as the copyright symbol)
         - Contains double-byte characters

   7.4 Management Console
   =====================================================================
   To view the management console using Internet Explorer, users must
   first perform the following:

   a. Go to "Tools > Internet Options > Security > Trusted Sites >
      Sites".
   b. Add the IP address of the computer on which IMSVA is installed.
   c. Click "Close".

   7.5 Email Message Scans
   =====================================================================
   IMSVA may still scan and quarantine email messages even after a user
   deploys a policy with the "handoff" action. Email messages may still
   be quarantined if they trigger scanning exceptions because IMSVA
   prioritizes exceptions over spam and content filters.

   7.6 Time Settings
   =====================================================================
   If the time settings (including time zones) are not synchronized
   across IMSVA servers, certain functions, such as log purge and End
   User Quarantine (EUQ) sign-in with Kerberos, may not work as
   expected.

   7.7 Security Settings
   =====================================================================
   The monitor action "BCC" does not function for the following security
   settings violations (under "Scanning Exceptions"):

   - Total message size exceeds
   - Total # recipients exceeds

   7.8 Email Message Decryption
   =====================================================================
   IMSVA encounters issues when decrypting email messages that were not
   encrypted using UTF-8. The subject line in the decrypted email
   messages may contain either garbled text or a series of question
   marks.

   7.9 Content Filter
   =====================================================================
   IMSVA cannot perform content filtering on a PDF file if:

   - Access permission of the file is set to "read only"; and
   - The file is encrypted using RC4, and the key length is greater than
     40 bits.

   NOTE: IMSVA can still perform an antivirus check on the file.

   7.10 Spoofed Internal Messages
   =====================================================================
   IMSVA does not check for spoofed internal messages if the recipient
   is an IPv6 address.

   7.11 SOCKS4
   =====================================================================
   SOCKS4 does not support IPv6.

   7.12 IBE Server
   =====================================================================
   The IBE server does not support connections with the IPv6 proxy
   server.

   7.13 IP Profiler
   =====================================================================
   IP Profiler does not support IPv6.

   7.14 Product License Management
   =====================================================================
   Product license management does not support SOCKS connections with
   the IPv6 proxy server.

   7.15 Command & Control Email Message Detection
   =====================================================================
   IMSVA detects Command & Control (C&C) email messages based on
   addresses only in the message header.

   7.16 Message Count Information
   =====================================================================
   The IMSVA and Control Manager message counts for C&C email do not
   align. IMSVA counts all incoming and outgoing messages that trigger
   the filter, while Control Manager counts only outgoing messages.

   7.17 Smart Scan
   =====================================================================
   Smart Scan cannot fail over to Conventional Scan while in high
   availability mode.

   7.18 DKIM Signing
   =====================================================================
   DKIM signing identifies inbound or outbound email messages based on
   internal addresses, but DKIM signing does not regard LDAP groups as
   internal addresses. If you set internal addresses using an LDAP
   group, DKIM signing does not use this LDAP group for identifying
   inbound email messages.

   7.19 Email Message Delivery
   =====================================================================
   When delivering an email message, IMSVA first sends the email message
   to the destination server with the highest priority. If the
   destination server returns a "4XX" or "5XX" error after being
   connected, IMSVA still considers the destination server available and
   sends the email message to it.

   7.20 Time Zone Setting
   =====================================================================
   If the time zone setting on the IMSVA server is different from that
   on the database server, policy event logs cannot be queried.

   7.21 Email Notifications
   =====================================================================
   When IMSVA delivers reports through email, users might be unable to
   access links in the reports if they use Microsoft Office 365 to check
   email messages.

   7.22 Management Console
   =====================================================================
   On the IMSVA management console, the active navigation menu is
   highlighted after being clicked. In Internet Explorer 9, the menu
   highlight color cannot be shown properly.

   7.23 Time-of-Click Protection
   =====================================================================
   IMSVA rewrites URLs in email messages to provide time-of-click
   protection. If the email messages contain both URLs and Chinese
   characters in plain text, IMSVA extracts incorrect URLs and rewrites
   them improperly.

   7.24 Activation Codes
   =====================================================================
   Each registered Activation Code matches a unique key.
   If an Activation Code has been registered to the Time-of-Click
   Protection service, it cannot be changed to another registered
   Activation Code because the matching key cannot change.

   7.25 Time-of-Click Protection
   =====================================================================
   IMSVA rewrites URLs in email messages to provide time-of-click
   protection. If users forward or reply to those email messages after
   the URLs have been rewritten, IMSVA will check the URLs again. In
   this case, IMSVA is unable to extract the rewritten URLs from plain
   text, and a return error is recorded in message tracking logs. This
   error does not affect users.

8. Release History
========================================================================
For more information about updates to this product, go to:

http://www.trendmicro.com/download

- IMSS for Linux 5.7, November 2005
- IMSS for Windows 5.7, November 2005
- IMSS for Solaris(TM) 5.7, January 2006
- InterScan Messaging Security Appliance (IMSA) 1.0, August 2006
- IMSS for Linux 7.0, February 2007
- IMSS for Windows 7.0, April 2007
- IMSA 7.0, May 2007
- IMSS for Solaris 7.0, July 2007
- IMSS for Linux 7.0 Service Pack 1, October 2007
- IMSS for Windows 7.0 Service Pack 1, November 2007
- IMSA 7.0 Service Pack 1, January 2008
- IMSS for Solaris 7.0 Service Pack 1, February 2008
- IMSVA 7.0, September 2008
- IMSS for Linux 7.1, June 2009
- IMSS for Windows 7.1, November 2009
- IMSVA 8.0, September 2010
- IMSVA 8.2, September 2011
- IMSVA 8.2 Service Pack 1, July 2012
- IMSVA 8.2 Service Pack 2, December, 2012
- IMSVA 8.5, May 2013
- IMSVA 8.5 Service Pack 1, March 2014
- IMSVA 9.0, October 2014

9. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only.
After the first year, you must renew Maintenance on an annual basis at
Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

10. About Trend Micro
========================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and consumers
to exchange digital information.

Copyright 2021, Trend Micro Incorporated. All rights reserved. Trend
Micro, InterScan, Control Manager, and the t-ball logo are trademarks of
Trend Micro Incorporated and are registered in some jurisdictions. All
other marks are the trademarks or registered trademarks of their
respective companies.

11. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:

http://www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide