today I've realised that I'm not able to upload attachments bigger than 500 kb or so to zimbra web.
I always get an error message which translates to "File Upload Fault"
I've tried with smaller jpgs and pdfs and they work. First I've checked zimbra's configuration:
Code: Select all
[zimbra@mail log]$ zmprov gacf | grep zimbraMtaMaxMessageSize
zimbraMtaMaxMessageSize: 10240000
[zimbra@mail log]$ zmprov gacf | grep zimbraFileUploadMaxSize
zimbraFileUploadMaxSize: 10485760
zimbraFileUploadMaxSizePerFile: 2147483648
I then read more about the exploit that was activley used some while ago and some people report that uploading of attachments isn't working properly anymore after they were compromised. I've already patched it when I first heared about it weeks back but maybe I was too late?
I don't have a file called zmcat or any suspicious shell scripts or any executable files at all in /tmp
I don't have a suspicious crontab entry to /opt/zimbra/lib/zmcheckexpiredcerts, I only have the legit entry for /opt/zimbra/libexec/zmcheckexpiredcerts
I've even gone through the perl script to make sure it's okay.
What more can I check to make sure my system is clean?