Fort delivers accurate and easy-to-use anti-spam and anti-virus security software. Our developers are pioneers in open source software development. We re-invest in our product by updating our software to ensure our customers get the most reliable spam and virus protection available.
Protecting Clients Since 2001.
Posted September 25th, 2014, in News + Events

Bash Bug / Shell Shock Vulnerability

Hello Everyone,

You are probably aware of the recently announced Bash Bug / Shell Shock vulnerability.

Our software is not specifically vulnerable, but you should still update your packages and systems immediately.

The bug allows specially crafted environment variables containing commands that will be executed on vulnerable systems.

Here is a quote from the NIST explaining the bug:

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
– NIST

I will add some links to articles explaining the vulnerability in more detail.

To update your systems please do the following:

1.  Login in as root. You must be root or su to complete the update.

2.  Enter the following command:

yum update -y

This will pull all updates from the RHEL or CentOS repository and any updates from
the FSL repositories and install them.

3.  If there are kernel updates, please schedule a system restart to start using the new kernel.

If you have any issues or would like assistance, please send an email to support@fsl.com.

Here are some links to articles explaining the bug further:

http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/

If you have any issues updating your system or need assistance, please send an email to support@fsl.com.

best regards,

Fort Systems Ltd.
www.fsl.com

Posted April 14th, 2014, in News + Events

Heartbleed SSL Vulnerability

BarricadeMX & BarricadeMX-PLUS NOT vulnerable.

With the Heartbleed vulnerability being on the forefront of security news everywhere, we are able to confirm that BarricadeMX and BarricadeMX PLUS are NOT vulnerable to this bug.

Both BarricadeMX and PLUS are based on RHEL / CentOS 5 which uses an earlier version of OpenSSL and the new Haraka SMTP listener uses NodeJS which does use OpenSSL 1.0.1, but the heartbleed code is disabled at compile time there.

As a precaution, please check your other email infrastructure for possible vulnerabilities.

You can find out more information about the Heartbleed bug here: http://heartbleed.com/

As always, it is imperative that your OS and software be maintained to the latest versions. If your maintenance subscription has lapsed, please contact us at info@fsl.com to renew.

If you have any questions or concerns, please send an email to support@fsl.com.

Best regards,

Fort Systems Ltd.

www.fsl.com

Posted February 20th, 2014, in News + Events

How to Submit Spam to FSL

To report a supposedly missed spam, you need to send a copy of the stored spam message to our semi-automated Spam Analyzer. I say “supposedly missed spam” because about half of the spam reported to us is not really spam or has already been tagged as spam. It is either:

 

  1. Mail from a legitimate non-spam sender’s email list that the recipient no longer wants to receive. The recipient needs to un-subscribe from the mail list. Since other recipients may want to receive these messages, they cannot be marked as spam.
  2. Messages that are already tagged  as {Spam}, or a similar phrase, at the beginning of the Subject line of the message.

To analyze a missed spam message and create rules to trap it in the future we need to receive an exact, unaltered copy of the original message in a specific format. There are two ways for you to submit such a message for analysis.

Read the rest of this entry »

Posted December 20th, 2013, in News + Events

BarricadeMX PLUS Upgrade – Dec-12-2013

Important Upgrade For BarricadeMX Plus Now Available.

 

This update fixes a bug that was inadvertently introduced into the open-source version of Haraka which left some debug code in the address parser which causes haraka.log to grow and can cause Haraka to incorrectly bounce messages should the server run out of disk space.  It also includes several other minor improvements.

 

The full change log can be found below.

Read the rest of this entry »

Posted November 25th, 2013, in News + Events

BarricadeMX PLUS Upgrade Notice Nov-25-2013

Important Upgrade For BarricadeMX Plus Now Available.

This update provides a fix for a bug introduced in the last version of Haraka which causes excessive memory usage (memory leak) and a fix to the DBsocketmap daemon that could cause it to exit under rare circumstances.

The full change log can be found below.
For customers who are using BarricadeMX Plus, the current versions are now:

Package Name & Version Number
bmxplus 2.1-10

bmxplus-common 2.1-10

bmxplusd 2.1-10

bmxplus-db 2.1-10

Haraka 2.2.8-2

fsl-dbsocketmap 2.0.4-1

To upgrade to the latest version of BarricadeMX Plus:

Read the rest of this entry »

Posted November 5th, 2013, in News + Events

BarricadeMX PLUS Upgrade

November 4th, 2013

Update for BarricadeMX Plus Haraka Engine

This is a minor bug-fix update. The Change Log for the updated version is at the end.

For customers who are using BarricadeMX Plus, the current versions are now:
Package Name Version Number

bmxplus 2.1-10
bmxplus-common 2.1-10
bmxplusd 2.1.10
bmxplus-db 2.1.10
Haraka 2.2.6-2

To upgrade to the latest version of BarricadeMX Plus:

Upgrading BarricadeMX Plus is simple and straightforward. Email delivery should be interrupted only for a very brief period of time during the update process and no messages should be lost, only delayed, by the update. Still it’s a good idea to install the updates at a relatively slow time for email processing. Many sites prefer to install updates after normal business hours.

Read the rest of this entry »

Posted September 16th, 2013, in News + Events

MailScanner (Un)Covered

By Robin Bains

September 16, 2013

I would like to start by saying Thank You to all our customers and clients and resellers for trusting us with such an important part of their messaging and security infrastructure. We will always do our best to provide you with the best product, support and value.

 I’ve been receiving a lot of requests on the main differences between BarricadeMX PLUS and the open source project MailScanner.  A lot of you have been asking “Robin, why can’t I just use the open source version of MailScanner?”.   Well, if you use our products, you already are, with a lot of extras added on to make your job easier.

Read the rest of this entry »

Posted June 18th, 2013, in News + Events

BarricadeMX PLUS 2.1.10 Release Notes

June 18, 2013

Change Log

  • Add hourly SpamAssassin rule updates from the FSL rules repository
  • Speed up reports where a summary table can be used
  • New option to enable/disable forced sub-domain routing for a domain
  • Change ‘Click Whitelisting’ page to display TTLs in seconds instead of minutes.
  • Fix quarantine report links when displayed on Webmail clients that do not support the use of the HTML tag.
  • Strip any accidental whitespace from report filters
  • Fix SQL error when non-boolean operators are used on boolean fields
  • Fix handling of ‘like’ operator when applied to the ‘Client IP Address’ field in the reports.
  • Fix pager display when the ‘Back to report’ button is clicked from the Message Detail page.
  • Add pager and ‘Back to Reports’ button to the bottom of the page in the Message Listing report.
  • Fix the storage and display of comments in the Exception List editor.

Read the rest of this entry »

Posted April 26th, 2013, in Techie Talk

Top Level .PW Domain source of spam outbreak

Recently we have seen massive amounts of Spam coming from the .pw Top Level Domain.

Domain .pw is the country code top-level domain for Palau. It was originally delegated to the Pacific island nation of Palau in 1997. It has since been re-delegated a number of times, most recently by Directi, a group of businesses operating registrars amongst other Internet-related services, who re-branded it as the Professional Web.  From March 25, 2013, domains under the .pw TLD are available to the general public.  These domains are sold at rock bottom prices which have apparently attracted droves of spammers.

Since we have yet to see a legitimate piece of mail for the .pw domain but have recently seen massive amounts of spam from this domain, we are recommending that you block mail form this domain as soon as practical. It’s quite simple to do:

Read the rest of this entry »

Posted March 25th, 2013, in Techie Talk

Increase in Spam Activity – Yahoo Major Source

If you have noticed an increase in spam recently, there is a good reason – the amount of spam in the Internet has more than doubled in volume since January. Cisco reports on recent spam volumes shows:

  •  A spam increase of 150% in February compared to January
  •  A spam increase of 210% March (to date) compared to January

Not all of this is getting through our filters. We’re still catching most of the older types of spam at the same rates but we are now seeing two new types of spam.

Yahoo spam is not really new since Yahoo has been the major source of “freemail” spam for quite a while now. But now it looks like spammers are really starting to take advantage of Yahoo’s failure to crack down on account hacking and spammer owned accounts.

Read the rest of this entry »