InterScan Messaging Security Suite

This article describes how you can access the database on Interscan Messaging Security Suite 9.1.

Individuals or site owners who feel that a website has a wrong rating or is classified incorrectly by Trend Micro can visit Site Safety Center to have the website reclassified. Site Safety Center allows you to verify the rating and category of a website and request for reclassification via the Give Feedback link. 

This article will show you how to enable encrypted communication between InterScan Messaging Security Virtual Appliance (IMSVA) / InterScan Messaging Security Suite (IMSS), and LDAP server.

On December 9, 2021, a new critical 0-day vulnerability impacting multiple versions of the popular Apache Log4j 2 logging library was publicly disclosed that, if exploited, could result in Remote Code Execution (RCE) by logging a certain string on affected installations.This specific vulnerability has been assigned CVE-2021-44228 and is also being commonly referred to as "Log4Shell" in various blogs and reports.This CVE-2021-44228 is a Java Naming and Directory InterfaceTM (JNDI) injection vulnerability in the affected versions of Log4j listed above. It can be triggered when a system using an affected version of Log4j 2 includes untrusted data in the logged message. If this data includes a crafted malicious payload, a JNDI lookup is made to a malicious server. Depending on the information sent back (response), a malicious Java object may be loaded, which could eventually lead to RCE. Additionally, attackers who can control log messages or their parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.AFFECTED SOFTWAREApache StrutsApache SolrApache DruidApache FlinkElasticSearchFlumeApache DubboLogstashKafkaSpring-Boot-starter-log4j2INFECTION ROUTINEAVAILABLE SOLUTIONSFile ReputationDetection/Policy/RulesPattern Branch/VersionRelease DateTrojan.Linux.MIRAI.SEMR Backdoor.Linux.MIRAI.SMF Backdoor.Linux.MIRAI.SME17.247.0012 Dec 2021Trojan.SH.CVE20207961.SM17.247.0013 Dec 2021Backdoor.Linux.MIRAI.SEMR Trojan.SH.MIRAI.MKF Coinminer.Linux.KINSING.D17.248.0413 Dec 2021Predictive Machine LearningDetectionPattern Branch/VersionTroj.ELF.TRX.XXELFC1DFF009In-the-cloudTroj.ELF.TRX.XXELFC1DFF012In-the-cloudBehavior MonitoringPattern Branch/VersionRelease DateSEN5985S / TMTD 256512 Dec 2021Web ReputationURLCategoryBlocking DateURL Protection (Over 1700 URLs blocked)Malware AccompliceIn-the-cloudNETWORK PATTERNTrend Micro Cloud One - Workload Security and Deep Security IPS RulesRule 1011242 - Log4j Remote Code Execution Vulnerability (CVE-2021-44228)Rule 1005177 - Restrict Java Bytecode File (Jar/Class) DownloadRule 1008610 - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP RequestTrend Micro Cloud One - Workload Security and Deep Security Log InspectionLI Rule 1011241 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)Trend Micro Cloud One - Network Security and TippingPoint DVToolkit CSW file CVE-2021-44228Filter C1000001 : HTTP: JNDI Injection in HTTP Header or URITrend Micro Deep Discovery InspectorProactive Detection: DDI Rule 4280: "HTTP_POSSIBLE_USERAGENT_RCE_EXPLOIT_REQUEST" Protection Solutions: Released in NCIP 1.14747.00: DDI Rule 4641:"CVE-2021-44228 - OGNL EXPLOIT - HTTP(REQUEST)"DDI Rule 4643:"POSSIBLE HTTP BODY OGNL EXPRESSION EXPLOIT - HTTP (REQUEST) - Variant 2" (disabled by default) Released in NCIP 1.14749.00: DDI Rule 4642:"POSSIBLE HTTP HEADER OGNL EXPRESSION EXPLOIT - HTTP(REQUEST)"

This article lists down some helpful information about Email Reputation Service (ERS).

Know the considerations and step-by-step procedure when switching from InterScan Messaging Security Suite (IMSS) or InterScan Messaging Security Virtual Appliance (IMSVA) to Trend Micro Email Security.

This article discuses how you can log in, register your activation key, and merge licenses in CLP.

This article shows the detailed steps in enabling the hidden key in IMSS/IMSVA admin database to export the configuration files, which can be used in data migration.

This article contains information regarding Trend Micro VSAPI and ATSE version format changes.

This article lists and describes the types of fixes that are available to Trend Micro users.