LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

SpamFilter's SSL and TLS implementations use OpenSSL v1.0.1c libraries which are susceptible to the Heartbleed Bug (www.heartbleed.com).
In our tests we were able to confirm that SMTP connections which use TLS to encrypt the email traffic can expose sensitive data as described in the various advisories for the Heartbleed Bug. Connections made over SSL (if an SSL port has been configured in SpamFilter) are instead safe.
To resolve the issue admins should simply update the two OpenSSL v1.0.1c DLLs that are vulnerable. They are located in the SpamFilter's installation directory:

libeay32.dll
ssleay32.dll

You may download the patched OpenSSL files v1.0.1g from our website at:
http://logsat.com/spamfilter/pub/Spamfilter-Openssl-1.0.1g-x86.zip  (32bit)
http://logsat.com/spamfilter/pub/Spamfilter-Openssl-1.0.1g-x64.zip  (64bit)

To install them, simply stop SpamFilter, replace the two existing DLLs with the ones in the zip file, and restart SpamFilter.

Note - the new OpenSSL libraries require the Microsoft Visual C++ 2008 Redistributable to be installed on the server. If the VC++ libraries are not present, you can install them from Microsoft's website: 
http://www.microsoft.com/en-us/download/details.aspx?id=29  (32bit)
http://www.microsoft.com/en-us/download/details.aspx?id=15336  (64bit)

Please contact us at support at logsat dot com if you need any additional information or assistance int he deployment.

Edited by LogSat - 15 July 2014 at 6:59pm

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Topic: Heartbleed Bug & SpamFilter Posted: 10 April 2014 at 10:46pm
	SpamFilter's SSL and TLS implementations use OpenSSL v1.0.1c libraries which are susceptible to the Heartbleed Bug (www.heartbleed.com). In our tests we were able to confirm that SMTP connections which use TLS to encrypt the email traffic can expose sensitive data as described in the various advisories for the Heartbleed Bug. Connections made over SSL (if an SSL port has been configured in SpamFilter) are instead safe. To resolve the issue admins should simply update the two OpenSSL v1.0.1c DLLs that are vulnerable. They are located in the SpamFilter's installation directory: libeay32.dll ssleay32.dll You may download the patched OpenSSL files v1.0.1g from our website at: http://logsat.com/spamfilter/pub/Spamfilter-Openssl-1.0.1g-x86.zip (32bit) http://logsat.com/spamfilter/pub/Spamfilter-Openssl-1.0.1g-x64.zip (64bit) To install them, simply stop SpamFilter, replace the two existing DLLs with the ones in the zip file, and restart SpamFilter. Note - the new OpenSSL libraries require the Microsoft Visual C++ 2008 Redistributable to be installed on the server. If the VC++ libraries are not present, you can install them from Microsoft's website: http://www.microsoft.com/en-us/download/details.aspx?id=29 (32bit) http://www.microsoft.com/en-us/download/details.aspx?id=15336 (64bit) Please contact us at support at logsat dot com if you need any additional information or assistance int he deployment. Edited by LogSat - 15 July 2014 at 6:59pm
	Roberto Franceschetti LogSat Software Spam Filter ISP

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 26 April 2015 at 3:08pm
	The latest OpenSSL libraries available are 1.0.2a, and can be downloaded from: http://www.logsat.com/SpamFilter/pub/Spamfilter-Openssl-1.0.2a-x86.zip (32bit) http://www.logsat.com/SpamFilter/pub/Spamfilter-Openssl-1.0.2a-x64.zip (64bit) Unlike the OpenSSL 1.0.1g above, these libraries should not need the MS Visual C++ 2008 redistributable installed on the server.
	Roberto Franceschetti LogSat Software Spam Filter ISP

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Heartbleed Bug & SpamFilter