Re: [IMail Forum] Imail vulnerability, or do we have a Virus

Mon, 29 Jan 2007 07:08:00 -0800 

Joel,
The only secure released versions of IMail are 8.22 with the patch listed in the KB or 2006.1/9.1. 


Exploitation of this vulnerability can give full control of your server 
over to hackers.  I can't say whether or not you have been hacked based 
on your description, but there are exploits active in the wild for this 
vulnerability and you have to be patched for it.  If you are hacked, 
there could be any number of things wrong and generally the best way to 
deal with this is to do a format and reinstall.  The vulnerability is 
only a way for hackers to gain the ability to execute code on your 
server, and once they have done that they are likely to have installed a 
backdoor, and likely with a rootkit, and trying to remove a rootkit is a 
pain if not impossible for most.  Thankfully IMail is easy to port from 
one installation to another.



Note that there are also active exploits for earlier versions of IMail 
that were only patched in 8.15 with Hotfix 2, so you may or may not have 
been hacked through that avenue if that patch wasn't applied.


Good luck,

Matt



Joel Lichtenberger wrote:

We were added to the CBL list Saturday, after contacting them they asked me
if I was using Imail, Why did they ask if I was using Imail.  Because of
the, IMail - SMTP Vulnerability mentioned here:
http://support.ipswitch.com/kb/IM-20061026-JH01.htm?

Concerned that I was somehow allowing SPAM to forward/relay through our
machine I looked at the SMTP logs and notice mail from [EMAIL PROTECTED]
was being sent to [EMAIL PROTECTED]  According to the logs the
messages originated from our mail server.  Have we been exploited by the

Imail vulnerability, or do we have a Virus?  


I'm just trying to figure out which direction to go from here.

Thanks,

Joel

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



  

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/






















					Reply via email to