GFI MAX – OpenSSL “Heartbleed” bug update

Dear Customers, 

As soon as the vulnerability in OpenSSL was announced, engineering teams across GFI began implementing the necessary fixes on affected systems.

This work is complete, and updated OpenSSL packages have been applied to affected components. As a precautionary measure, keys and certificates are in the process of being re-issued.

Remote Monitoring & Management platform

• RemoteManagement Dashboard: Systems were not running affected versions 
• Remote Background Management: Systems were not running affected versions 
• TeamViewer/Take Control: Sessions and passwords were not affected. Infrastructure components were checked and updated as necessary 
• Managed Online Backup: Systems were checked and updated as necessary 
• Patch Management: Systems were not running affected versions 
• App Control: Systems were checked and updated as necessary 
• Managed AntiVirus: Two servers used for MAV only, supporting the German infrastructure, were updated; no other instances were affected
• ServiceDesk: Systems were checked and updated as necessary 


MAX Mail

The maxmail.gfi.com site and all of its MTAs do not use OpenSSL libraries and were not susceptible to the vulnerability. 

The compiled version of the OpenSSL software used on the branded site servers did not include the heartbeat function, and therefore those systems were not subject to the vulnerability. 

The SFTP servers for the archive import use OpenSSH for the SSH transport and thus were not affected (they do not use the TLS protocol). 


MAX Backup and Managed Online Backup 

A full system review was performed and updates were applied to the Backup service as necessary. 

Please note: If you are using Managed Online Backup or IASO Backup with your own storage, you will have to update the storage node installer. Download the updated Storage Node Installer here:

http://downloads.gfimaxbackup.com/maxdownloads/?_ga=1.212815316.1780981287.1396271847 

You must then run a re-configure of the service and restart the Cloud Storage Node service. 


In Summary

We have performed a full systems review and patched OpenSSL where we encountered the vulnerability. 


Best Regards, 

The GFI MAX Team
