Tech Bulletin

December 14 2021

Due to a recently discovered cybersecurity vulnerability in the Log4j Java library, IPRO Information Governance (formerly NetGovern) 6.4 & 6.5 requires a critical product update.

The vulnerability was found in Log4J, an open-source logging library used by apps and services within the IPRO Information Governance 6.4 & 6.5 product and affects crawling and indexing. The software now requires the update outlined below based on Server type.

The vulnerability is only accessible once logged in or through direct LAN access to the indexing server. However, once this is obtained, the individual can elevate their rights and obtain full administrative rights on the local server and continue to exploit other areas.

For all customers on IPRO Cloud, our team will apply the updates tonight (December 14, 2021) during an urgent maintenance window. Please subscribe to status.iprotech.com for additional communication.

For all customers On-Premises, the update will require a momentary downtime. Please follow the instructions below or contact Support for assistance—support@iprotech.com.

These changes will also be rolled into the next minor release.

Please refer to this article for further information about the vulnerability.

  • Pause all jobs prior to starting.

  • Identify Windows Crawler servers. On the Windows Service panel of each windows machine look for “NetGovern Crawler”. The servers with this service will need updated as per below:

  • NOTE
    If you use only email archiving, you will not have crawler servers, but you still need to update index servers.
  • On each of the Windows Crawler servers, do the following:

    • For versions 6.4.X:

      In the file called “80-crawler.conf” located in: C:\Program Files (x86)\Messaging Architects\Netmail WebAdmin\etc\launcher.d\

      Replace the statement:

      start -name crawler "C:\Program Files (x86)\Messaging Architects\Netmail WebAdmin\..\MaCrawler.exe"

      by:

      start -name crawler "C:\Program Files (x86)\Messaging Architects\Netmail WebAdmin\..\MaCrawler.exe" "-Xmx900m -Dcom.sun.management.jmxremote=true -XX:MaxPermSize=256m -Dlog4j2.formatMsgNoLookups=true"

      If the start statement already contains parameters (which means it was changed to fit the your environment needs), append:

      -Dlog4j2.formatMsgNoLookups=true .

       

    • For versions 6.5.X:

      In the file called “80-crawler.conf” located in C:\Program Files (x86)\Messaging Architects\Netmail WebAdmin\etc\launcher.d\

      Replace the start statement:

      start -name crawler "C:\Program Files (x86)\Messaging Architects\Netmail WebAdmin\..\MaCrawler.exe"

      by:

      start -name crawler "C:\Program Files (x86)\Messaging Architects\Netmail WebAdmin\..\MaCrawler.exe" "-XX:+UseG1GC -Xms2048m -Xmx2048m -Dcom.sun.management.jmxremote=true -Dlog4j2.formatMsgNoLookups=true"

      If the start statement already contains parameters (which means it was changed to fit your environment needs), append:

      -Dlog4j2.formatMsgNoLookups=true .

  • For either version, from the Windows Service panel restart the “NetGovern Platform Service” (Launcher).

  • On each of the Linux VMs for both 6.4.X and 6.5.X versions, do the following:

    • Update the “solr.sh” file located in opt/ma/netmail/sbin folder, adding -Dlog4j2.formatMsgNoLookups=true to the SOLR_ARGS:

      "<current_argument_list> \

      -Ddisable.configEdit=true \

      -Dlog4j2.formatMsgNoLookups=true"

    • Update two copies of the “netmail_zkcli.sh” scripts to insert

      -Dlog4j2.formatMsgNoLookups=true so it looks like this:

      java -

      Dlog4j.configuration=file:$SOLR_ZK_CLI_DIR/netmail_zkcli/log4j2.xml -Dlog4j2.formatMsgNoLookups=true<current_argument_list>

      • One copy is in var/netmail/zookeeper/bin

      • One copy is in /var/netmail/index/bin/

    • Run the command "service netmail restart"