SpamFilter's SSL and TLS implementations use OpenSSL v1.0.1c libraries which are susceptible to the Heartbleed Bug (http://www.heartbleed.com).
In our tests we were able to confirm that SMTP connections which use TLS to encrypt the email traffic can expose sensitive data as described in the various advisories for the Heartbleed Bug. Connections made over SSL (if an SSL port has been configured in SpamFilter) are instead safe.
To resolve the issue admins should simply update the two OpenSSL v1.0.1c DLLs that are vulnerable. They are located in the SpamFilter's installation directory:
libeay32.dll
ssleay32.dll
You may download the patched OpenSSL files v1.0.1g from our website at:
http://logsat.com/spamfilter/pub/Spamfilter-Openssl-1.0.1g-x86.zip (32bit)
http://logsat.com/spamfilter/pub/Spamfilter-Openssl-1.0.1g-x64.zip (64bit)
To install them, simply stop SpamFilter, replace the two existing DLLs with the ones in the zip file, and restart SpamFilter.
Note - the new OpenSSL libraries require the Microsoft Visual C++ 2008 Redistributable to be installed on the server. If the VC++ libraries are not present, you can install them from Microsoft's website:
http://www.microsoft.com/en-us/download/details.aspx?id=29 (32bit)
http://www.microsoft.com/en-us/download/details.aspx?id=15336 (64bit)
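To confirm the replacement took effect, the script below (an added example, not LogSat's code) reads the version banner that OpenSSL builds embed in both DLLs and flags anything in the Heartbleed-affected 1.0.1 through 1.0.1f range. The $InstallDir default is a placeholder and the function name Get-OpenSslBuild is made up for this example.

```powershell
# Added example: report which OpenSSL build the two SpamFilter DLLs contain.
param(
    # Assumption: placeholder path; pass your actual SpamFilter installation directory.
    [string]$InstallDir = 'C:\Path\To\SpamFilter'
)

function Get-OpenSslBuild {
    param([Parameter(Mandatory)][string]$Path)

    # Read the DLL as raw bytes. Latin-1 maps each byte to one character,
    # so the embedded ASCII banner can be searched with a regex.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $text  = [System.Text.Encoding]::GetEncoding('iso-8859-1').GetString($bytes)

    # Banner looks like "OpenSSL 1.0.1c 10 May 2012" or "OpenSSL 1.0.1g 7 Apr 2014".
    $m = [regex]::Match($text, 'OpenSSL (\d+\.\d+\.\d+)([a-z]?) \d{1,2} [A-Z][a-z]{2} \d{4}')
    if (-not $m.Success) {
        return [pscustomobject]@{ File = $Path; Version = $null; Status = 'UNKNOWN (no banner found)' }
    }

    $base   = $m.Groups[1].Value
    $letter = $m.Groups[2].Value

    # Heartbleed affects OpenSSL 1.0.1 through 1.0.1f; 1.0.1g is the first fixed release.
    $vulnerable = ($base -eq '1.0.1') -and ($letter -cmatch '^[a-f]?$')

    [pscustomobject]@{
        File    = $Path
        Version = "$base$letter"
        Status  = if ($vulnerable) { 'VULNERABLE - replace this DLL' } else { 'not in the Heartbleed range' }
    }
}

foreach ($dll in 'libeay32.dll', 'ssleay32.dll') {
    $path = Join-Path $InstallDir $dll
    if (Test-Path -LiteralPath $path) {
        Get-OpenSslBuild -Path $path
    } else {
        Write-Warning "$path not found"
    }
}
```

The script inspects the files on disk only; SpamFilter still has to be restarted before it loads the replaced DLLs.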
Please contact us at support at logsat dot com if you need any additional information or assistance in the deployment.
-------------
Roberto Franceschetti
LogSat Software (http://www.logsat.com)
Spam Filter ISP (http://www.logsat.com/sfi-spam-filter.asp)