SmarterMail security question
Problem reported by Jay Altemoos - Today at 7:40 AM
Good day all,
With all the discussion about the recent CVEs for SmarterMail, does anyone have a list of things to check on a Windows server to be sure nothing snuck in? I am 99% sure our server did not get compromised but I also want to be sure.

Items I already checked:

1. All our admin accounts have IP restrictions and no recent password changes.
2. I checked our SmarterMail installation under Service\App_Data\upload and I do not see anything suspicious in there, just attachments from our users.
3. I also checked Volume Mounts in our web interface and that is clean.

Anything else I should be checking for?
J. LaDow Replied
Scan the entire filesystem for malicious files.

One of the early vulnerabilities was unauthenticated file uploads and a path traversal vulnerability which allowed files to land outside of the SmarterMail folders.

Also need to check OS level task scheduler for nothing nefarious, auto-runs, the whole nine yards.


MailEnable survivor / convert --
Jay Altemoos Replied
Thank you for the suggestion, J. LaDow. We do have antivirus running on that server, but for good measure I went ahead and scanned the entire server again; nothing suspicious found.

I went ahead and checked Autoruns from Sysinternals, nothing suspicious I can see there either. Task Scheduler was clean as well. I think I am in good shape and will keep an eye on things. We are running 9518 already. I saw there was another release but I need to schedule downtime for that.
J. LaDow Replied
It sounds like you might be in the clear -- 
MailEnable survivor / convert --
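
The checks suggested in this thread (recently written files anywhere on the disk, Task Scheduler, auto-runs) collected into one read-only PowerShell sweep. This is an added example, not part of the original posts and not SmarterMail's own tooling; the scan root, 30-day window, extension list and output folder are assumptions to adjust.

```powershell
# Added example, read-only: writes CSV reports, changes nothing on the server.
# Assumed values (not from the thread): scan root, look-back window,
# extension list and output folder. Adjust them for your server.
param(
    [string]   $ScanRoot   = 'C:\',
    [int]      $DaysBack   = 30,
    [string[]] $Extensions = @('.aspx','.ashx','.asmx','.exe','.dll','.ps1','.bat','.cmd','.vbs'),
    [string]   $OutDir     = "$env:TEMP\sm-triage"
)
$since = (Get-Date).AddDays(-$DaysBack)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Script and executable files created or modified inside the window,
#    anywhere under $ScanRoot (uploads may have landed outside the mail folders).
Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $Extensions -contains $_.Extension.ToLowerInvariant() -and
        ($_.CreationTime -ge $since -or $_.LastWriteTime -ge $since)
    } |
    Select-Object FullName, Length, CreationTime, LastWriteTime,
        @{ Name = 'SHA256'; Expression = {
            (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash } } |
    Export-Csv -Path (Join-Path $OutDir 'recent-files.csv') -NoTypeInformation

# 2. Every scheduled task with the command it runs and the account it runs as.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        [pscustomobject]@{
            Task       = $task.TaskPath + $task.TaskName
            State      = $task.State
            RunAs      = $task.Principal.UserId
            Registered = $task.Date
            Execute    = $action.Execute
            Arguments  = $action.Arguments
        }
    }
} | Export-Csv -Path (Join-Path $OutDir 'scheduled-tasks.csv') -NoTypeInformation

# 3. Auto-runs: Run keys and Startup folders, plus auto-start services.
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Export-Csv -Path (Join-Path $OutDir 'startup-commands.csv') -NoTypeInformation
Get-CimInstance Win32_Service -Filter "StartMode = 'Auto'" |
    Select-Object Name, DisplayName, PathName, StartName, State |
    Export-Csv -Path (Join-Path $OutDir 'auto-services.csv') -NoTypeInformation

Write-Host "Reports written to $OutDir"
```

Run it from an elevated prompt so protected folders are readable. File timestamps can be altered, so an empty recent-files.csv narrows the search rather than proving the server is clean.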
