Search found 212 matches

by maxxer
Tue Apr 09, 2019 9:16 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 631567

Re: CVE-2019-9670 being actively exploited

yeeP6rai wrote: Is there a way to know about new patches (via rss, maillist, zabbix web page monitor, etc) for a specific Zimbra version?
rss: https://blog.zimbra.com/
by maxxer
Fri Apr 05, 2019 4:04 pm
Forum: Administrators
Topic: fail2ban setting 8.8.9 / Ubuntu 16.04
Replies: 2
Views: 2655

Re: fail2ban setting 8.8.9 / Ubuntu 16.04

Follow this blog post: https://www.missioncriticalemail.com/2018/10/19/using-zimbras-dosfilter-and-failed-login-lockout-policy-together/ That, together with the postfix, postfix-auth, and postfix-sasl jails that come with fail2ban, is all I use. Lance this is very useful, thanks to the precious work...
by maxxer
Fri Apr 05, 2019 9:01 am
Forum: Installation and Upgrade
Topic: Installing Zimbra 8.8.12_GA_3794 on Ubuntu 18.04
Replies: 33
Views: 59171

Re: Installing Zimbra 8.8.12_GA_3794 on Ubuntu 18.04

axslingr wrote: They're indicating that 18.04 support is still in beta though!
Unfortunately they forgot to add the beta badge to the download page. If you can add this note to the ticket it can help others.
by maxxer
Thu Apr 04, 2019 1:37 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 631567

Re: CVE-2019-9670 being actively exploited

There's an ongoing discussion on IRC. Some are investigating further, because other than creating and deleting temporary accounts, some found evidence of deleted production accounts and compromised Java files.

More updates will follow
by maxxer
Thu Apr 04, 2019 1:03 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 631567

Re: CVE-2019-9670 being actively exploited

VirusTotal detects zmcat as a Bitcoin miner.

The tmp.txt is not uploaded but downloaded: it's the JSP they use to run commands.
by maxxer
Thu Apr 04, 2019 10:07 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 631567

Re: CVE-2019-9670 being actively exploited

Hostsailor replied to me that they blocked the host currently distributing zmcat!
by maxxer
Thu Apr 04, 2019 7:33 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 631567

Re: CVE-2019-9670 being actively exploited

I haven't had the chance to test with modsecurity. Will give a look, thanks.

I wrote some guidelines on the behaviour of the attack and how to clean zmcat.

In short:
patch
kill running processes for l.sh and s.sh and zmcat
remove scripts and zmcat
remove uploaded jsps
by maxxer
Wed Apr 03, 2019 2:32 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 631567

CVE-2019-9670 being actively exploited (Hacked Server)

As many reported on IRC, the latest security bug found in Zimbra is being actively exploited in the wild. It's easy to find a compromised install because the exploit campaign creates a /tmp/zmcat binary on the system. It also downloads two .sh files used to fetch the binary from 185[.]106.120.118. This...
by maxxer
Wed Apr 03, 2019 1:35 pm
Forum: Installation and Upgrade
Topic: Zimbra for Ubuntu 18.04 ?
Replies: 30
Views: 43595

Re: Zimbra for Ubuntu 18.04 ?

NetRaider wrote: I tried. I made a new installation on Ubuntu with all updates and upgrades. But got a logger configuration error during the installation process. And a broken monitoring section in the administration console.
Thanks for the feedback! Did you file bugs to bugzilla or open a support request?
by maxxer
Wed Apr 03, 2019 12:49 pm
Forum: Installation and Upgrade
Topic: Zimbra for Ubuntu 18.04 ?
Replies: 30
Views: 43595

Re: Zimbra for Ubuntu 18.04 ?

8.8.12, released a few days ago, has Ubuntu18 support.

Anyone had the chance to give it a try?