Some versions of SMLD and SMD may experience an error when trying to download pattern updates after February 14, 2014, from the Trend Micro ActiveUpdate (AU) server due to an issue identified in certain ScanMail Domino AU modules.
The following error message appears in the Domino console of affected products:
… [DATE] [TIME] SMDupd: Unable to download components. Check server status or refer to ScanMail Help > Troubleshooting section for details
Background and Details
The AU modules in affected versions of SMLD and SMD were found to be accessing an old digital certificate when downloading pattern updates. This causes an integrity check failure which leads to a failed update.
Affected customers will not lose current protection because this issue affects only the downloading of new pattern updates.
Affected Versions
The following versions of SMLD and SMD are affected:
- SMLD 5.5 Windows (global and JP versions)
- SMLD 5.0 AIX
- SMLD 5.0 Windows (global and JP versions)
- SMLD 5.0 zLinux
- SMD 3.1 Linux (global version)
- SMD 3.0 Windows (JP version)
- SMD 3.0 AIX (global version)
- SMD 3.0 Solaris
- SMD 3.0 i5/OS/400
The current version of ScanMail for IBM Domino (SMID) v5.6 (all platforms) is NOT affected by this issue.
Managing Potential Impact
Trend Micro released critical patches to resolve the ActiveUpdate module issue for the products below:
| Version and Platform | System | Critical Patch |
|---|---|---|
| SMLD 5.5 Windows | 32-bit | smld-55-win32-en-criticalpatch3167.zip |
| 64-bit | smld-55-win64-en-criticalpatch3167.zip | |
| SMLD 5.0 AIX | 64-bit | smld-50-aix64-en-criticalpatch3274.tar.gz |
| SMLD 5.0 Windows | 32-bit | smld-50-win32-en-criticalpatch3275.zip |
| 64-bit | smld-50-win64-en-criticalpatch3275.zip | |
| SMLD 5.0 zLinux | 64-bit | smld-50-zLinux64-en-patch1-criticalpatch3276.tar.gz |
| SMD 3.1 EN Linux | 32-bit | smd-31-lx-en-patch1-criticalpatch1076.tar.gz |
| SMD 3.0 EN AIX | 32-bit | smd-30-aix-en-patch7-criticalpatch3785.tar.gz |
| SMD 3.0 EN Solaris | Sparc | smd-30-sol-en-sp2-patch1.1-criticalpatch3793.tar.gz |
Applying the critical patch or hot fix is the recommended solution, but there are also two (2) alternate methods to receive patterns:
- Customers can download and apply the pattern manually.
- Customers can temporarily disable digital certificate checking. This would instruct the product not to check the digital certificate of update components. The procedure for disabling this check involves adding a line to the ScanMail configuration file. Follow the steps in this KB article: ScanMail for IBM Domino (SMID) cannot download updates from Control Manager (TMCM).
We recommend re-enabling this option after the critical patch is successfully applied.
For Further Assistance
Trend Micro is taking this matter very seriously and is conducting a thorough root cause analysis in order to prevent similar issues from happening in the future.
We sincerely apologize for any inconvenience this may have caused. We encourage customers who have questions or require further assistance to contact their authorized Trend Micro support representative.
