<<>>> Trend Micro, Inc. Feb 4th, 2009 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ InterScan(TM) Web Security Suite 3.1 for Windows Critical Patch - Build 1237 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This critical patch was developed as a workaround or solution to a customer-reported problem. As such, this critical patch has received limited testing and has not been certified as an official product update. Consequently, THIS critical patch IS PROVIDED "AS IS." TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF THIS critical patch NOR DOES IT WARRANT THAT THIS critical patch IS ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. Contents =================================================================== 1. Overview of this critical patch Release 1.1 Files Included in this Release 2. What's New 3. Documentation Set 4. System Requirements 5. Installation/Un-installation 6. Post-installation Configuration 7. Known Issues 8. Release History 9. Contact Information 10. About Trend Micro 11. License Agreement =================================================================== 1. Overview of this critical patch Release ========================================================================= This critical patch addresses the following issue: 1. Some JSP pages only have session control that allow non-admin accounts ("Auditor" and "Report Only") the ability to modify system configurations without getting the proper permission. 1.1 Files Included in This Release ====================================================================== A. Files for Current Solution(s) Module Filename Build No. ====================================================================== Supporting Daemons about.exe 1237 GUI IWSSGui.jar 1237 productlicense.jsp 1237 iwss_config_database.jsp 1237 2. What's New ======================================================================== After applying this critical patch: 1. The vulnerability issue caused by the lack of permission control will be resolved. If non-admin accounts ¡°Auditor¡± and ¡°Report Only¡± try to visit Web pages that should not be accessed, the requests will be redirected to the summary page. This critical patch also includes the following fixes, but this fix list was tested during their release: 1. When IWSS is operating in the reverse proxy mode and the virtual domain is used for a protected server, the connection to the protected server fails because IWSS changes the Host header. IWSS will not modify the host header in the reverse proxy mode. 2. IWSS mistakenly blocks some URL links as ".com" files. This critical patch addresses this issue by fixing the URL string name getting method. 3. IWSS cannot correctly handle non-RFC standard traffic that causes clients to be unable to download attachments from Yahoo mail. IWSS now correctly handles non-RFC standard traffic and this issue will be resolved. 4. "URL activity by user" does not display in Individual/per user reports. "URL activity by user" now displays correctly in Individual/per user reports. 5. Large files that download/upload through the IWSS FTP proxy will be corrupted. 6. This critical patch will fix the trickle method of the FTP scan and then IWSS will transfer the large files correctly. 7. Moving the mouse over the check icon of the FTP Traffic feature reveals it to be "Disabled" even though it should be "Enabled." When hovering over the FTP Traffic icon it shows the proper Tag. 8. In the access quota policy setting, the quota value cannot be set to 0MB in the web console. IWSS will be able to set the access quota policy to 0MB in the web console. 9. After IWSS's transformation, the FTP RETR command missed some information that makes the FTP server unable to find the file. Consequently, the file download operation fails with the FTP over HTTP mode. IWSS will keep the FTP RETR command as it is when the client sends it to IWSS and the file could be successfully downloaded in the FTP over HTTP mode. 10. Unhandled exceptions in the function "WorkQueue" might cause IWSS to fail. IWSS will be able to correctly handle exceptions. Low-fragmentation heap (LFH) of Windows will be enabled to improve IWSS's memory performance. 11. The package exported from CDT tools cannot be imported in IWSVA 3.1. IWSS 3.1 can export policies and configurations from CDT tools and import to IWSVA 3.1 correctly. 12. In some circumstances, InterScan Web Security Suite (IWSS) can hang when querying the LDAP Server for common names. This situation causes IWSS to stop handling HTTP transactions. IWSS sets a timeout limit for an LDAP query and avoids unnecessary common-name searches for LDAP users if the "prefer-samaAccount=1" parameter is configured in the "intscan.ini" file. 13 IWSS misjudges some video/audio file types as "swf" files. By fixing the file type judgment method, IWSS will correctly recognize specific audio/video files. 14. Pop-up tips on the summary page of the HTTP/FTP service status are not correct. Pop-up tips on the summary page of the HTTP/FTP service status are now correct. It should show a stop when the services are turned off and a start when the services are tuned on. 15. The SNMP MIB file violates RFC rules. The SNMP MIB file will obey RFC rules. 16. The SNMP trap sends the "informsink" command. The SNMP trap will not send the "informsink" command. 17. IWSS can not block PE files through ActiveX rule. By correcting an un-initial variable, IWSS will be able to block PE files through ActiveX rule. 18. In the IWSS URL blocking log file and report, when the group name information for the URL filter is overwritten as a group name for the WRS filter policy, the user group name of the URL filtering violations do not display correctly. The URL filtering policy will not share the same parameter with the WRS policy and the issue will be addressed. 19. The "about.exe" executable does not have the ability to write a registry and, therefore, the critical patch for IWSS 3.1 for Windows is not able to establish a version control. The "about.exe" executable will add a function to write the current build version into the registry and, therefore, the critical patch for IWSS 3.1 for Windows is now able to establish the version control. 20. If the URL filtering category ID does not exist, IWSS will write a "null" value in the log page. If the URL filtering category ID does not exist, IWSS will write space instead of "null" in the log page. 21. When the exporting audit log contains DBCS characters, the garbled characters will come out. When exporting audit logs containing DBCS characters, garbled characters will now come out. 22. The last time modified in the policy notes is not correctly updated in the guest policy. The last modified time in the policy notes will correctly update in the guest policy. 23. When registering to the TMCM server with a DBCS display name, the display name will not show correctly. When registering to the TMCM server with a DBCS display name, the display name will be shown correctly. 24. The "Most Popular URLs Report" is blank on the generated report page. With this critical patch, the "Most Popular URLs Report" displays correctly. 3. Documentation Set ======================================================================== o Readme.txt -- basic installation, known issues, release history and contact information o Electronic versions of the printed manuals are available at: "http://www.trendmicro.com/download" 4. System Requirements ======================================================================== There is no requirement to install this critical patch. 5. Installation/Un-installation ======================================================================== To install the critical patch, 1) Unzip the critical patch file. 2) Execute the critical patch installer. iwss_31_win_en_cp1237.exe 3) Follow the on-screen prompts to complete the installation. To Remove this critical patch and roll back to the previous build, please follow the steps below: The previous files were backed up in the folder located in "\tmp\1237". 1) Stop all IWSS services. 2) Replace the back up files to roll back to the previous build. 3) Execute \about.exe 4) Re-start all IWSS services. Note: Removing the critical patch will interrupt HTTP and FTP service for several minutes. Plan appropriately for this downtime. 6. Post-Installation Configuration ======================================================================== 6.1 IWSS changes the Host header in reserver proxy mode 1). Add Parameter "ProxyPreserveHost=yes" in [http] section of file "intscan.ini." 2) Restart IWSS HTTP service. 6.2 SNMP trap sends "informsink" command. 1. Open file "installation folder"\tmsnmpd.conf 2. Mark the line begin with "informsink" 3. Restart IWSS SNMP service Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing this critical patch. 7. Known Issues ======================================================================== There are no known issues for this critical patch release. 8. Release History ======================================================================== NOTE: Only the new critical patch was tested for this release. Prior hot fixes were tested at the time of their release. 8.1 Prior Fixes ===================================================================== N/A 9. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our Web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 10. About Trend Micro ======================================================================== Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop. Copyright 2009, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, InterScan Web Security Suite are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 11. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide