Trend Micro Incorporated                                  April 16, 2024
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan(TM) Messaging Security Suite for Linux(TM)
9.1 Build 1172
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However, all
customers are advised to check Trend Micro's website for documentation
updates at:

http://docs.trendmicro.com

TIP: Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro website. Register during installation or online at:

https://clp.trendmicro.com/FullRegistration?T=TM

Contents
==================================================
1. About InterScan Messaging Security Suite
2. What's New
3. Precaution When Upgrading from an Older IMSS Version
4. Documentation Set
5. System Requirements
   5.1 Supported Distributions
6. Installation
   6.1 Installing
   6.2 Uninstalling
7. Post-Installation Configuration
8. Known Issues
9. Release History
10. Contact Information
11. About Trend Micro
12. License Agreements
==================================================

1. About InterScan Messaging Security Suite
========================================================================
InterScan Messaging Security Suite (IMSS) is a policy-based virus
protection, antispam protection and content security solution for the
SMTP gateway to prevent virus outbreaks and spam and protect enterprise
security integrity. The solution's customizable routing and relay
restriction features are easy to deploy and interoperate with existing
messaging environments.

2. What's New
========================================================================
IMSS 9.1 includes the following new and updated features:

2.1 Cloud Pre-Filter Integration
=====================================================================
Cloud Pre-Filter is a hosted email security service that can filter all
of your email messages before they reach your network. Pre-filtering
your email messages can save you time and money.

2.2 Data Loss Prevention
=====================================================================
Data Loss Prevention(TM) (DLP) safeguards an organization's confidential
and sensitive data, referred to as digital assets, against accidental
disclosure and intentional theft.

2.3 Integration with Virtual Analyzer
=====================================================================
Virtual Analyzer is an isolated virtual environment used to manage and
analyze samples in Trend Micro Deep Discovery Analyzer. IMSS allows you
to define rules to send suspicious messages to Virtual Analyzer for
analysis.

To achieve better load balancing and failover capabilities, IMSS allows
you to add multiple servers for Virtual Analyzer. You can also enable,
disable, and delete Virtual Analyzer servers on the IMSS management
console.

2.4 End-User Quarantine Single Sign-on (SSO)
=====================================================================
IMSS now allows users to log on once to their domain and then to
End-User Quarantine (EUQ) without re-entering their domain name and
password.

2.5 Dashboard and Widgets
=====================================================================
Real-time summaries have been replaced with a dashboard and widgets.
This will provide administrators with more flexibility when viewing
IMSS data. The "Summary" screen has been renamed "System Status" and
appears in the left menu.

2.6 Web Reputation Enhancement
=====================================================================
The Web Reputation filter has been enhanced to enable detection of URLs
that have not been rated by Trend Micro. This functionality helps
increase protection against advanced threats that leverage short-lived
malicious websites.

2.7 Enhanced Smart Protection
=====================================================================
IMSS supports both Trend Micro Smart Protection Network and Smart
Protection Server as smart protection sources. Smart Protection Servers
are supported to localize smart protection services to the corporate
network to reduce outbound traffic and optimize efficiency.

2.8 Social Engineering Attack Protection
=====================================================================
Social Engineering Attack Protection detects suspicious behaviors
related to social engineering attacks in email messages. When Social
Engineering Attack Protection is enabled, the Trend Micro Antispam
Engine scans for suspicious behaviors in several parts of each email
transmission, including the email header, subject line, body,
attachments, and the SMTP protocol information. If the Antispam Engine
detects behaviors associated with social engineering attacks, the
Antispam Engine returns details about the message to IMSS for further
action, policy enforcement, or reporting.

2.9 Known Host Support
=====================================================================
Known hosts include trusted mail transfer agents (MTAs) and the Cloud
Pre-Filter that are deployed before IMSS on your network. IMSS now
enables you to specify known hosts to exempt them from Sender Filtering
and graymail scanning.

2.10 Graymail
=====================================================================
Graymail refers to solicited bulk email messages that are not spam.
IMSS manages graymail separately from common spam to allow
administrators to identify graymail messages.
IP addresses specified in the graymail exception list bypass scanning.

2.11 Multiple LDAP Servers
=====================================================================
IMSS supports using more than one LDAP server and has support for more
LDAP server types.

2.12 Advanced Anti-malware Protection
=====================================================================
The Advanced Threat Scan Engine (ATSE) uses a combination of
pattern-based scanning and aggressive heuristic scanning to detect
document exploits and other threats used in targeted attacks.

2.13 Time-of-Click Protection
=====================================================================
IMSS provides time-of-click protection against malicious URLs in email
messages. If you enable Time-of-Click Protection, IMSS rewrites URLs in
email messages for further analysis. Trend Micro analyzes those URLs at
the time of click and will block them if they are malicious.

2.14 Connected Threat Defense
=====================================================================
Configure IMSS to subscribe to the suspicious object lists on the Trend
Micro Control Manager(TM) server. Using the Control Manager console,
you can specify customized actions for objects detected by the
suspicious object lists to provide custom defense against threats
identified by endpoints protected by Trend Micro products specific to
your environment.

Control Manager facilitates the investigation of targeted attacks and
advanced threats using suspicious objects. Files and URLs that have the
potential to expose systems to danger or loss will be detected.

2.15 Report Delivery Through Email
=====================================================================
IMSS allows you to send newly generated reports and archived reports
through email. Detailed views of reports will be included.

2.16 EUQ Distribution List Management
=====================================================================
The web-based EUQ service allows end users to manage the spam
quarantine of distribution lists that they belong to.

2.17 LDAPS Support
=====================================================================
IMSS supports LDAP over SSL (LDAPS) that provides users a secure and
encrypted channel to communicate with LDAP servers.

2.18 Command & Control Contact Alert Services
=====================================================================
Command & Control (C&C) Contact Alert Services provides IMSS with
enhanced detection and alert capabilities to mitigate the damage caused
by advanced persistent threats and targeted attacks.

2.19 EUQ Digest Inline Action Links
=====================================================================
IMSS enables users to apply actions to quarantined messages through
links in the EUQ digest.

3. Precaution When Upgrading from an Older IMSS Version
========================================================================
Take note of the following when upgrading IMSS from an older version to
version 9.1.

3.1 IMSS 9.1 now supports the "Not the selected attachment names"
    option of the attachment name or extension filter used for
    scanning compressed files.
---------------------------------------------------------------------
This feature is not available in IMSS 7.1. Upgrading to IMSS 9.1 from
version 7.1 may then change the behavior of the existing policy. To
work around this, the feature can be disabled in IMSS 9.1 when
necessary.

To configure the feature:

1. Open the "imss.ini" file in the "${IMSS_HOME}/config" folder using a
   text editor.
2. Add the following setting under the "email-scan" section and set the
   preferred value.

    [email-scan]
    EnableNameExtAnyNotInCompressed=yes, (default) enables the feature
                                   =no, disables the feature

3. Save the changes and close the file.
4. Restart the scanner using the following command:

    /opt/trend/imss/script/S99IMSS restart

3.2 The "Name or extension" policy condition can now recognize the
    file name and extension of files in password-protected ZIP files.
---------------------------------------------------------------------
This feature is not available in IMSS 7.1. Upgrading to IMSS 9.1 from
version 7.1 may then change the behavior of the existing policy. To
work around this, the feature can be disabled in IMSS 9.1 when
necessary.

To configure the feature:

1. Open the "imss.ini" file in the "${IMSS_HOME}/config" folder using a
   text editor.
2. Add the following setting under the "general" section and set the
   preferred value.

    [general]
    EnableScanFileNameInPasswordCompress=yes, (default) enables the feature
                                        =no, disables the feature

3. Save the changes and close the file.
4. Restart the scanner using the following command:

    /opt/trend/imss/script/S99IMSS restart

4. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and key
  concepts, and information on configuring and maintaining IMSS. To
  access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information
  on requirements and procedures for installing and deploying IMSS.
- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on configuring
  and maintaining IMSS.
- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues. To access the Support
  Portal, go to http://esupport.trendmicro.com

5. System Recommendations
========================================================================
Recommended System Requirements
---------------------------------------------------------------------
The recommended requirements for installing IMSS are:

- 8-core Intel(TM) Xeon(TM) processor or equivalent
- 8 GB RAM
- 2 GB swap space
- At least 250 GB hard disk space

Minimum System Requirements
---------------------------------------------------------------------
The minimum requirements for installing IMSS are:

- Dual-core Intel Xeon processor or equivalent
- 4 GB RAM
- 2 GB swap space
- At least 80 GB hard disk space

At least 500 MB of free disk space is required for installation.
However, more disk space might be needed depending on message volume
and certain IMSS settings.
---------------------------------------------------------------------
The following is the recommended setup based on 500,000 email messages
a day, a 50% quarantine rate, and one-month log preservation:

- 10 GB disk space for mail storage
- 50 GB or more disk space for the Admin database (By default, the
  Admin database is in the "/var/imss" folder)
- 20 GB or more disk space for the EUQ database (By default, the EUQ
  database is in the "/var/imss" folder)
- 40 GB or more disk space for the working queue folder (By default,
  the working queue folder is in the "/opt/trend/imss/queue/" folder)

Browser
- Microsoft(TM) Internet Explorer(TM) 10, 11, Edge 15063 or higher,
  Edge (Chromium) 93.0.961.47 or higher
- Mozilla(R) Firefox(R) 53

PostgreSQL: 9.6.3

LDAP Server
- Microsoft Active Directory 2012 R2, 2016, 2022
- IBM Lotus Domino 8.5, 9.0
- Sun One LDAP 5.2 or above
- OpenLDAP 2.4.44

Mail Transfer Agent (MTA):
- Postfix 2.6 or above
- Sendmail 8.14 or above

Linux libraries:
- Red Hat(TM) 6 (32-bit/64-bit): net-tools; bind-utils; lsof; wget;
  perl; fontconfig.i686; cyrus-sasl-gssapi.i686; cyrus-sasl-md5.i686;
  glibc.i686
- Red Hat 7.0-7.2: nss-softokn; net-tools; bind-utils; lsof; wget;
  perl; fontconfig.i686; cyrus-sasl-gssapi.i686; cyrus-sasl-md5.i686;
  glibc.i686
- Red Hat 7.3: nss-softokn; lsof; wget; perl; fontconfig.i686;
  cyrus-sasl-gssapi.i686; cyrus-sasl-md5.i686; glibc.i686
- Red Hat 7.4: nss-softokn; glibc.i686; bind-utils; lsof; wget; perl;
  fontconfig.i686; cyrus-sasl-gssapi.i686; cyrus-sasl-md5.i686
- Red Hat 7.5: nss-softokn; glibc.i686; net-tools; bind-utils; lsof;
  wget; perl; fontconfig.i686; cyrus-sasl-gssapi.i686;
  cyrus-sasl-md5.i686
- Red Hat 7.6-7.9: glibc.i686; net-tools; bind-utils; lsof; wget; perl;
  fontconfig.i686; cyrus-sasl-gssapi.i686; cyrus-sasl-md5.i686
- Red Hat 8.0-8.9: glibc.i686; libxcrypt.i686; net-tools; bind-utils;
  lsof; wget; perl; fontconfig.i686; cyrus-sasl-gssapi.i686;
  cyrus-sasl-md5.i686; libnsl.i686; libgcc.i686; nss-tools
- Red Hat 9.0: glibc.i686; libxcrypt.i686; net-tools; bind-utils; lsof;
  wget; perl; fontconfig.i686; cyrus-sasl-gssapi.i686;
  cyrus-sasl-md5.i686; libnsl.i686; libgcc.i686; nss-tools;
  libxcrypt-compat.i686; initscripts; expat.i686

Control Manager
- Version 6.0 Service Pack 3 Patch 3 Hotfix 3611
- Version 7.0 Patch 1 Hotfix 3096

Apex Central
- Version 2019 Patch 8 Hotfix 6729

Trend Micro Deep Discovery Analyzer 5.8

5.1 Supported Distributions
=====================================================================
The following Linux distributions are supported in this release:

- Red Hat Enterprise Linux 6 Servers
  Versions 6.0, 6.1, 6.2, 6.3, 6.4, 6.6, 6.7, 6.8, and 6.9
- Red Hat Enterprise Linux 7 Servers
  Versions 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, and 7.9
- Red Hat Enterprise Linux 8 Servers
  Versions 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, and 8.9
- Red Hat Enterprise Linux 9 Servers
  Versions 9.0

NOTES:
- To enable support for Red Hat Enterprise Linux 7.5, 7.6, 7.7, or 7.8
  servers, you must install IMSS 9.1 Hotfix 1211 or any higher build.
- To enable support for Red Hat Enterprise Linux 7.9 servers, you must
  install IMSS 9.1 Critical Patch 1416 or any higher build.
- To enable support for Red Hat Enterprise Linux 8.0, 8.1, 8.2, or 8.3
  servers, you must install IMSS 9.1 Hotfix 1347 or any higher build.
- To enable support for Red Hat Enterprise Linux 8.4, 8.5, 8.6, 8.7,
  8.8, 8.9, or 9.0 servers, you must install IMSS 9.1 cp1515 or any
  higher build.

6. Installation
========================================================================

6.1 Installing
=====================================================================
For installation instructions, refer to the IMSS 9.1 Installation
Guide.

For path names, IMSS supports only US-ASCII characters.

After installation, the IMSS server will not be an Open Relay by
default.

IMSS for Linux does not contain the Postfix installation package. Use
the Postfix version that comes with the operating system.

If you activate Spam Prevention Solution (SPS), SPS scanning will be
enabled by default. Activating SPS also activates Sender Filtering. You
can enable or disable Sender Filtering at a later time from the
management console.

6.2 Uninstalling
=====================================================================
To uninstall IMSS 9.1, refer to the Installation Guide.

7. Post-Installation Configuration
========================================================================
After successfully installing IMSS, Trend Micro recommends performing
the following post-installation configuration tasks:

1. Register and activate IMSS.
2. Configure user accounts.
3. Download the latest components to enhance security protection.
4. Configure policies and policy notifications.

For detailed information about performing these tasks, see the
Administrator's Guide.

NOTES:
- Connection to Cloud Pre-Filter requires port 9000 to be open. If the
  proxy is specified on the IMSS management console, the proxy server
  requires port 9000 to be open.
- Trend Micro recommends that you update your scan engine and virus
  pattern files immediately after installing the product.

8. Known Issues
========================================================================
The following describes known issues in this release:

8.1 IMSS attempts to convert characters to UTF8 when the subject line
    of an email message has no character set information, uses special
    characters (such as the copyright symbol), or uses double-byte
    characters. If the conversion to UTF8 is not successful:
    - The logs contain garbled characters.
    - IMSS quarantines the email message, and the subject field
      displays the message "Unsupported charset non-UTF-8" if you
      attempt to view the message on the management console.

8.2 To view the management console using Internet Explorer, users must
    first perform the following:
    1. Go to "Tools > Internet Options > Security > Trusted Sites >
       Sites".
    2. Add the IP address of the computer on which IMSS is installed.
    3. Click "Close".

8.3 To prevent IMSS from scanning messages, you can create a new rule
    to hand off the messages you do not want to scan. However, IMSS
    may still trap these messages if they trigger email scanning
    exceptions. This is because the mail scanning exception has a
    higher priority than spam filters and content filters.

8.4 IMSS cannot be installed on SELinux (Security-Enhanced Linux) on
    Red Hat.

8.5 IMSS cannot be installed on Red Hat if the virtualization
    technology is enabled.

8.6 When installing the database for IMSS, do not use double-byte
    characters when specifying the database password. IMSS cannot
    connect to the database if double-byte characters are used in the
    password.

8.7 If time settings (including time zones) are not synchronized
    across IMSS servers, certain functions (such as log purge and End
    User Quarantine logon with Kerberos) may not work as expected.

8.8 IMSS detects Command & Control (C&C) email messages based on
    addresses only in the message header.

8.9 If the time zone setting on the IMSS server is different from that
    on the database server, policy event logs cannot be queried.

8.10 IMSS rewrites URLs in email messages to provide time-of-click
     protection. If the email messages contain both URLs and Chinese
     characters in plain text, IMSS extracts incorrect URLs and
     rewrites them improperly.

8.11 Each registered Activation Code matches a unique key. If an
     Activation Code has been registered to the Time-of-Click
     Protection service, it cannot be changed to another registered
     Activation Code because the matching key cannot change.

8.12 IMSS rewrites URLs in email messages to provide time-of-click
     protection. If users forward or reply to those email messages
     after the URLs have been rewritten, IMSS will check the URLs
     again. In this case, IMSS is unable to extract the rewritten URLs
     from plain text, and a return error is recorded in message
     tracking logs. This error does not affect users.

8.13 If certain policy event logs are not imported to the database
     before upgrade, they will be lost after the upgrade to IMSS 9.1.

8.14 If an email message is sent to two mailboxes of the same user,
     the message will be removed from both mailboxes once you delete
     it on the EUQ console or using the inline action.

8.15 If you add an LDAP server with LDAPS and Kerberos both enabled,
     the Cloud Pre-Filter recipient check will not work. If you add
     multiple LDAP servers with LDAPS and Kerberos both enabled, the
     Cloud Pre-Filter recipient check and LDAP synchronization may not
     work properly.

9. Release History
========================================================================
- IMSS for Linux 7.0, February 2007
- IMSS for Linux 7.0 Service Pack 1, October 2007
- IMSS for Linux 7.1, June 2009
- IMSS for Linux 7.1 Service Pack 1, October 2013
- IMSS for Linux 7.1 Service Pack 2, July 2014

For more information about updates to this product, go to:

http://www.trendmicro.com/download

10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only. After the first year, you must
renew Maintenance on an annual basis at Trend Micro's then-current
Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
========================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2021, Trend Micro Incorporated. All rights reserved.

Trend Micro, Smart Protection Network, InterScan, Control Manager, Data
Loss Prevention, and the t-ball logo are trademarks of Trend Micro
Incorporated and are registered in some jurisdictions. All other marks
are the trademarks or registered trademarks of their respective
companies.

12. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:

www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide
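
The imss.ini edits from sections 3.1 and 3.2, as an added shell example (not part of the Trend Micro Readme or product): it reports the effective value of both settings, treating an absent key as the documented default of yes, and sets them while keeping a backup copy. The function names, and treating lines that start with # or ; as comments, are assumptions.

```shell
#!/bin/sh
# Added example, not Trend Micro code. Reads and sets the two imss.ini
# compatibility settings named in sections 3.1 and 3.2 of this Readme.

# ini_get FILE SECTION KEY DEFAULT
# Prints the value of KEY in [SECTION], or DEFAULT when the key is absent.
ini_get() {
    awk -v sec="[$2]" -v key="$3" -v def="$4" '
        { sub(/\r$/, "") }                 # tolerate CRLF line ends
        /^[ \t]*[#;]/ { next }             # assumption: # and ; start comments
        /^[ \t]*\[/ { t = $0; gsub(/[ \t]/, "", t); in_sec = (t == sec); next }
        in_sec {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = 1
            }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# ini_set FILE SECTION KEY VALUE
# Writes KEY=VALUE directly under [SECTION], dropping any older assignment
# of KEY in that section; appends the section when it does not exist.
# FILE.bak keeps the content as it was before this call.
ini_set() {
    cp -p "$1" "$1.bak" || return 1
    awk -v sec="[$2]" -v key="$3" -v val="$4" '
        /^[ \t]*\[/ {
            t = $0; gsub(/[ \t\r]/, "", t); in_sec = (t == sec)
            print
            if (in_sec && !done) { print key "=" val; done = 1 }
            next
        }
        in_sec && !/^[ \t]*[#;]/ {
            eq = index($0, "="); k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (eq && k == key) next       # drop the old assignment
        }
        { print }
        END { if (!done) { print sec; print key "=" val } }
    ' "$1.bak" > "$1"
}

# Effective value of both settings ("yes" is the default per the Readme).
imss_compat_report() {
    echo "[email-scan] EnableNameExtAnyNotInCompressed=$(ini_get "$1" email-scan EnableNameExtAnyNotInCompressed yes)"
    echo "[general] EnableScanFileNameInPasswordCompress=$(ini_get "$1" general EnableScanFileNameInPasswordCompress yes)"
}

# Set both settings to yes or no; any other value is rejected untouched.
imss_compat_set() {
    case "$2" in yes|no) ;; *) echo "value must be yes or no" >&2; return 2 ;; esac
    ini_set "$1" email-scan EnableNameExtAnyNotInCompressed "$2" &&
    ini_set "$1" general EnableScanFileNameInPasswordCompress "$2"
}

# Usage as a script: <script> /path/to/imss.ini [yes|no]
if [ -n "${1:-}" ]; then
    if [ -n "${2:-}" ]; then imss_compat_set "$1" "$2" || exit $?; fi
    imss_compat_report "$1"
    # After a change, restart the scanner as the Readme states:
    #   /opt/trend/imss/script/S99IMSS restart
fi
```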