<<<>>> Trend Micro, Inc. April 30, 2009 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ServerProtect(TM) for Linux(TM) 3.0 Patch 1 for Service Pack 1 Build 1252 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's Web site for documentation updates at: http://www.trendmicro.com/download/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation, or online at: http://olr.trendmicro.com Contents ==================================================================== 1. About ServerProtect for Linux 1.1 Overview of This Release 1.2 Who Should Install This Release 1.3 Files Included in This Release 2. What's New 2.1 New Features in This Release 2.2 Resolved Known Issues in This Release 3. Documentation Set 4. Recommended System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Rollback Process 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Contact Information 10. About Trend Micro 11. License Agreement =================================================================== 1. About ServerProtect for Linux ======================================================================== Trend Micro ServerProtect for Linux provides comprehensive protection against computer viruses/spywares, Trojans, worms, and other security risks for file servers based on the Linux operating system. Managed through an intuitive, portable Web-based console or Linux command line console, ServerProtect provides centralized virus scanning, pattern updates, event reporting and antivirus configuration. Award: Winner of SYS-CON Linux and Enterprise Open Source Readers' Choice Award Certification: ServerProtect for Linux 3.0 fully supports Novell OES2 and is Novell YES certified for the following: - 32-bit OS (See http://developer.novell.com/yes/92344.htm) - 64-bit OS (See http://developer.novell.com/yes/92345.htm) 1.1 Overview of This Release ===================================================================== Patch 1 resolves issues found in ServerProtect for Linux 3.0 after the release of Service Pack 1. Refer to the "What's New" section for enhancements implemented in this release. 1.2 Who Should Install This Release ===================================================================== You should install Patch 1 if you are currently running ServerProtect for Linux 3.0 with Service Pack 1 (build 1198). 1.3 Files Included in This Release ====================================================================== File name Build No. ========= ========= splxmain 3.0.1252 entity 3.0.1252 vsapiapp 3.0.1252 splx_manual_scan 3.0.1252 splx_schedule_scan 3.0.1252 scripts/splxcore 3.0.1252 scripts/splxhttpd 3.0.1252 splxhttpd 3.0.1252 splxhttpd.conf 3.0.1252 libProductLibrary.so 3.0.1252 cmoption.cgi 3.0.1252 login_and_register.cgi 3.0.1252 log_management.cgi 3.0.1252 notification.cgi 3.0.1252 proption.cgi 3.0.1252 scanoption.cgi 3.0.1252 scanoption_set.cgi 3.0.1252 showpage.cgi 3.0.1252 srv_admin.cgi 3.0.1252 summary.cgi 3.0.1252 tmcm_sso.cgi 3.0.1252 viewlog.cgi 3.0.1252 wtcoption.cgi 3.0.1252 splxmod-2.6.18-128.1.6.el5.i686.o 3.0.0.0002 splxmod-2.6.18-128.1.6.el5xen.i686.o 3.0.0.0002 splxmod-2.6.18-128.1.6.el5.x86_64.o 3.0.0.0002 splxmod-2.6.18-128.1.6.el5xen.x86_64.o 3.0.0.0002 splxmod-2.6.18-128.1.6.el5PAE.i686.o 3.0.0.0002 splxmod-2.6.9-78.0.17.EL.i686.o 3.0.0.0002 splxmod-2.6.9-78.0.17.ELsmp.i686.o 3.0.0.0002 splxmod-2.6.9-78.0.17.EL.x86_64.o 3.0.0.0002 splxmod-2.6.9-78.0.17.ELsmp.x86_64.o 3.0.0.0002 splxmod-2.6.16.60-0.34-bigsmp.i686.o 3.0.0.0002 splxmod-2.6.16.60-0.34-default.i686.o 3.0.0.0002 splxmod-2.6.16.60-0.34-smp.i686.o 3.0.0.0002 splxmod-2.6.16.60-0.34-xen.i686.o 3.0.0.0002 splxmod-2.6.16.60-0.34-xen.x86_64.o 3.0.0.0002 splxmod-2.6.16.60-0.34-default.x86_64.o 3.0.0.0002 2. What's New ======================================================================== Patch 1 resolves issues and legacy defects in ServerProtect for Linux 3.0 with Service Pack 1. Patch 1 adds the following features: - Patch 1 upgrades the internal HTTP server for ServerProtect to resolve some security issues. - Patch 1 updates the Kernel Hook Moduke (KHM) source code in the latest KHM packages to the latest version. - Patch 1 adds the dynamic enabling feature for the kernel debug log. Refer to Section 6, Post-installation Configuration, for specific steps to enable this feature. 2.1 Resolved Known Issues in This Release ===================================================================== Patch 1 resolves the following issues: - ServerProtect cannot register to Trend Micro Control Manager if the domain information in "/etc/resolve.conf" is too long. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After applying Patch 1, Trend Micro changes the way ServerProtect retrieves the host machine domain name to resolve the issue. - When ServerProtect for Linux performs an update when all components are still up-to-date, the event log will display incorrect information. This prompts Trend Micro Control Manager(TM) to send an email notification stating "Update unsuccessful". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After applying Patch 1, ServerProtect will record this update as a successful update; Control Manager will note that there is no update needed and will not send out an "Update unsuccessful" notification. - ServerProtect for Linux does not send event logs to Control Manager if only the engine or spyware pattern is updated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After applying Patch 1, ServerProtect for Linux sends event logs to Control Manager for engine or spyware pattern only updates. This enables Control Manager to send out email notifications for the status of the events if configured. - When ServerProtect for Linux registers to Control Manager using Fully Qualified Domain Name (FQDN), the registration process may fail during the Linux system startup if the network environment is not ready. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After applying Patch 1, ServerProtect for Linux will attempt to register several times within a specified period of time if the Control Manager registration fails. - When stopping ServerProtect services, ServerProtect for Linux cannot terminate the scheduled scanning process if the real-time scanning function is not working. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After applying Patch 1, ServerProtect for Linux stops the scheduled scanning process normally when executing the "/etc/init.d/splx stop" command to stop the ServerProtect services. - Even when the pattern file or scan engine is updated successfully, ServerProtect may generate a system log "ActiveUpdate not completed" with the reason "ActiveUpdate successfully downloaded the patch files. Patch update is now in progress". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After applying Patch 1, a new parameter "WaitingTime" will be added in the "ActiveUpdate" section of the "tmsplx.xml" file. The default value for the "WaitingTime" parameter is "60" seconds which is adequate for most applications. Users can reconfigure this value as needed. - ServerProtect for Linux does not send email notifications when it detects a security risk by manual scan or scheduled scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Patch 1 adds the "AlertInfectionFoundByMS" hidden key to the "tmsplx.xml" file. When enabled, this new key prompts ServerProtect for Linux to send email notifications for a detected security risk after a manual scan or scheduled scan. - The PR page displays incorrect after grace period license expiration information. The grace expiry date shown is one month earlier than the real grace expiry date. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After applying Patch 1, ServerProtect For Linux will use a new method to calculate the grace expiry date. As a result, the PR page will show the correct grace expiry date. - The "splxhttpd" service does not stop correctly if the process ID of a newly-created "splxhttpd" process is higher than the one created before it. The same issue affects the "entity" process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After applying Patch 1, ServerProtect for Linux will use a new method to stop the "splxhttpd" and "entity" processes in "splxhttpd" and "splxcore" script. This enables ServerProtect to stopped the two processes correctly. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes: - Getting Started Guide -- product overview, installation planning, installation steps and basic information intended to help you deploy ServerProtect for Linux smoothly. - Administration Guide -- Provides post-installation instructions on how to configure the settings to help you get ServerProtect for Linux "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of ServerProtect for Linux. Electronic versions of the printed manuals are available at: http://www.trendmicro.com/download/ - Online help -- Context-sensitive help screens that provide guidance for performing a task. - Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. Recommended System Requirements ======================================================================== Install this patch only on computers running ServerProtect for Linux 3.0 Serivce Pack 1. If running ServerProtect for Linux 3.0 build 1171, install Service Pack 1 before installing this patch. Note: Refer to the ServerProtect Readme file for detailed system requirements for installing the product. 5. Installation/Uninstallation ======================================================================== 5.1 Installation ===================================================================== To install Patch 1: 1. Log on as a root user. 2. Copy "splx_30_lx_en_sp1_patch1.tar.gz" to a working directory such as "/tmp/workdir" 3. Type the following commands: # cd /tmp/workdir # tar zxvf splx_30_lx_en_sp1_patch1.tar.gz # chmod u+x splx_30_lx_en_sp1_patch1.bin #./splx_30_lx_en_sp1_patch1.bin Notes: - This command will stop the ServerProtect services before installing the Patch. - The original files (refer to Section 1.3 for a complete list) are backed up in the ".rpmsave.sp1.p1/backup/" folder before the installation process replaces them with the files included in this patch. - ServerProtect services automatically start after the system completes the installation process. 5.2 Rollback Process -------------------------------------------------------------------- To rollback to the previous ServerProtect for Linux 3.0 Service Pack 1 configuration while saving customized settings: 1. Run the following command: #rpm -e splx-3.0-sp1-patch1 Note: As the configuration file, "tmsplx.xml", used by Patch 1 may be not compatible with the one used by the previous ServerProtect release version, the configuration file will be saved as "tmsplx.xml.sp1.p1.rpmsave" when you uninstall this patch. ServerProtect will use the configuration file previously backed up when installing this patch. 2. Manually compare and synchronize the settings between the backed-up configuration file and the configuration file used by Patch 1 to apply the same custom settings in ServerProtect. 6. Post-Installation Configuration ======================================================================== To enable kernel debug log dynamically, run the following command: # echo 1 > /proc/splx/khm_debug_level Notes: - Here, "1" is the kernel debug log level you would like to set. The valid value range is "0" to "3". Any value higher than "3" will be treated as 3. Values smaller than "0" will be treated as "0". The float value will be truncated to "integer" and any non-integer value will be treated as "invalid" and refused. - Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ======================================================================== There are no known issues for this patch release. 8. Release History ======================================================================== ServerProtect for Linux 3.0 June 29, 2007 ServerProtect for Linux 3.0 Service Patch 1 January 3, 2008 See the following Web site for more information about updates to this product: http://www.trendmicro.com/download/product.asp?productid=20 9. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our Web site. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 10. About Trend Micro ======================================================================== Trend Micro, Inc. provides centrally controlled server-based virus protection and content-filtering products and services. By protecting information that flows through Internet gateways, email servers, and file servers, Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop. Copyright 2009, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, and ServerProtect are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 11. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://www.trendmicro.com/en/purchase/license Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide