2
log4j exploit - Anything to worry about in SmarterMail
Question asked by Rod Strumbel - 12/13/2021 at 1:05 PM
Answered
log4j exploit - Anything to worry about in SmarterMail

5 Replies

Reply to Thread
3
Matt Petty Replied
Employee Post
I think we we're going to send out a newsletter or email to customers here soon. But long and short of it is, your SmarterMail instance is safe, our environment here @ ST is safe, and as long as you've gone through your environment checking for log4j references hopefully the rest of your environment is safe too. Certainly been an interesting morning for Sys Admins all around I'm sure based on all the message boards and articles I'm seeing.
Good luck!  


EDIT/MORE INFO: We're based on .net and all of our tooling related to SM uses .net, log4j is a java-based library/utility related to logging used in many JAVA projects. Again, we're C#/.NET and we do not use this. We've also checked our backend systems here and verified we aren't using anything that's vulnerable
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
echoDreamz Replied
Thankfully nothing in our environment needed touching, +1 for not using anything Java :)
0
George To Replied
How about its related components?

How about Cyren Anti-Virus , and Cyren Antispam.

I believe ClamAV (c++), Spamassassin (perl) are unrelated.
2
echoDreamz Replied
SmarterMail and it's components do not use Java at all.
0
Andrea Free Replied
Employee Post Marked As Answer
Hi all, 

As Matt and echoDreamz mentioned, the Log4j exploit DOES NOT have any effect on any SmarterTools software or services/infrastructure. Our applications are built using the .NET framework, so we do not use Log4j or any Java at all. In addition, we host all applications on Windows and we do not have Java installed on any of our servers, and none of the components or other software we use are Java based.

That said, if you are in charge of any Apache/Linux servers, or even if you have Java installed on a desktop or laptop (Windows or Linux), you may want to make sure your systems are fully patched. Below are a few links with more information on the exploit:

https://www.lunasec.io/docs/blog/log4j-zero-day/ 
https://www.wired.com/story/log4j-flaw-hacking-internet/ 
https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/ 

Happy holidays! 

Andrea Free
SmarterTools Inc.
877-357-6278

www.smartertools.com

Reply to Thread