False Alarm: New Domino Backdoor
20 April 2023
Thomas Hampel
IBM XForce is well known for the quality of their research - however this time I'm wondering about the publication.
They discovered and analyzed a new type of malware (so far so good) and they named it ... "Domino"
Don't Panic!
HCL already published this technote to clarify that this is unrelated to the HCL Domino product and has requested IBM Security X-Force to correct this unfortunate use of HCLSoftware’s registered and licensed product name.
Update!
IBM updated their article and have renamed the malware - it is now called "Minodo"
In short:
1. There is no backdoor in HCL Domino
2. The new malware which IBM has discovered has NOTHING to do with HCL Domino.
3. This malware does NOT affect HCL Domino
Reference:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104503
https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-domino-backdoor/
IBM XForce is well known for the quality of their research - however this time I'm wondering about the publication.
They discovered and analyzed a new type of malware (so far so good) and they named it ... "Domino"
Don't Panic!
HCL already published this technote to clarify that this is unrelated to the HCL Domino product and has requested IBM Security X-Force to correct this unfortunate use of HCLSoftware’s registered and licensed product name.
Update!
IBM updated their article and have renamed the malware - it is now called "Minodo"
In short:
1. There is no backdoor in HCL Domino
2. The new malware which IBM has discovered has NOTHING to do with HCL Domino.
3. This malware does NOT affect HCL Domino
Reference:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104503
https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-domino-backdoor/
We need your input - Domino Admin Survey
18 April 2023
Thomas Hampel
Hey Domino Administrators out there,
HCL is looking for your input regarding how you are managing your environment.
Can you please help by answering this small survey?
It is completely anonymous and consists of a few questions to gather information on how Domino is used and how software updates are handled by Domino customers.
It should take less than 3min. to complete.
If you are managing more than one Domino environment please submit a survey for each one.
https://hclsw.co/domino-admin-survey
Hey Domino Administrators out there,
HCL is looking for your input regarding how you are managing your environment.
Can you please help by answering this small survey?
It is completely anonymous and consists of a few questions to gather information on how Domino is used and how software updates are handled by Domino customers.
It should take less than 3min. to complete.
If you are managing more than one Domino environment please submit a survey for each one.
https://hclsw.co/domino-admin-survey
Tagged with: Administration Domino
Available now: HCL Notes/Domino 12.0.2 Fix Pack 1
17 April 2023
Thomas Hampel
HCL just released Fix Pack 1 for HCL Notes/Domino 12.0.2
More details of what has been fixed are provided in the Release Notes or if you prefer reading the classic Fix List Database style see this => Notes/Domino Fix List
Before installing this update, please verify the system requirements:
The following kits/packages are now available for download on Flexnet for entitled customers:
Notes Client
HCL Notes 12.0.2FP1 Basic Configuration for Windows English 32-bit
HCL Notes 12.0.2FP1 for Windows 32-bit
HCL Notes 12.0.2FP1 for Windows 64-bit
HCL Notes 12.0.2FP1 for Mac 64 bit
Domino Server
HCL Domino Server 12.0.2FP1 for Windows 64bit
HCL Domino Server 12.0.2FP1 for AIX
HCL Domino Server 12.0.2FP1 for Linux
HCL Domino Server 12.0.2FP1 IBMi
HCL Domino 12.0.2FP1 Docker image
HCL just released Fix Pack 1 for HCL Notes/Domino 12.0.2
More details of what has been fixed are provided in the Release Notes or if you prefer reading the classic Fix List Database style see this => Notes/Domino Fix List
Before installing this update, please verify the system requirements:
- HCL Notes 12.0.2 and 12.0.2 Fix Pack 1 System Requirements
- HCL Domino 12.0.2 and 12.0.2 Fix Pack 1 System Requirements
The following kits/packages are now available for download on Flexnet for entitled customers:
Notes Client
HCL Notes 12.0.2FP1 Basic Configuration for Windows English 32-bit
HCL Notes 12.0.2FP1 for Windows 32-bit
HCL Notes 12.0.2FP1 for Windows 64-bit
HCL Notes 12.0.2FP1 for Mac 64 bit
Domino Server
HCL Domino Server 12.0.2FP1 for Windows 64bit
HCL Domino Server 12.0.2FP1 for AIX
HCL Domino Server 12.0.2FP1 for Linux
HCL Domino Server 12.0.2FP1 IBMi
HCL Domino 12.0.2FP1 Docker image
How to run HCL Domino on a QNAP NAS
21 March 2023
Thomas Hampel
Some time ago I've done a demo running Domino on a QNAP network attached storage device.
Thanks to Docker and the Domino Container project which Daniel and I are maintaining, running a fully a featured Domino environment incl. Verse, Nomad, Rest API, Traveler and Leap is not a problem even on entry level hardware.
Datails and step-by-step instructions have been published here in the Domino container project documentation.
Enjoy reading!
Some time ago I've done a demo running Domino on a QNAP network attached storage device.
Thanks to Docker and the Domino Container project which Daniel and I are maintaining, running a fully a featured Domino environment incl. Verse, Nomad, Rest API, Traveler and Leap is not a problem even on entry level hardware.
Datails and step-by-step instructions have been published here in the Domino container project documentation.
Enjoy reading!
Help! DAOS files have been removed - the impact of a misconfigured backup job
22 February 2023
Thomas Hampel
Recently a customer approached me with a request for help. I'd like to briefly share the story here because it was an interesting case.
On a Friday, the Domino team noticed severe problems with loading attachments, users reported they are no longer able to open attachments.
It seems like no single DAOS object can be opened anymore by the server.
Domino servers are reporting: Error 0x80070780: The file cannot be acessed by the system.
Checking the DAOS repository on the Domino server's disk revealed those files are displaying with a file size of XX MByte but actually have a size of ZERO BYTES (!!!)
Potential cause? Maybe a broken hard disc or filesystem? People even assumed Domino itself would be responsible for destroying DAOS objects on disk.
To mitigate the issue, a full restore of all DAOS objects was initaited which took a couple of hours. Afterwards it seemed the situation was resolved.
However just one day later the same problem appeared. All DAOS objects again had a size of 0 byte again with millions of DAOS objects being affected.
Root cause:
It turned out the backup software ( Commvault ) was misconfigured - instead of taking a backup of DAOS objects it was configured for >archiving< them.
Archiving in this case means that files will be moved to the backup environment but a 0 byte place holder will remain.
One could claim the user interface of Commvault backup easily allows for clicking the wrong option as both of them are listed next to each other.
There is no visible difference between the configuration screens later on, so unfortunately it was a human error/mistake to click on the wrong option.
Solution:
Initiate a restore job of files that were archived to the commvault envioronment.
https://documentation.commvault.com/v11/essential/134649_restoring_archived_data.html
Lessons learned:
Dont blame the top level application for a failure just because it is most impacted.
Open a support ticket at HCL and work together as a team to investigate and resolve the issue.
Recently a customer approached me with a request for help. I'd like to briefly share the story here because it was an interesting case.
On a Friday, the Domino team noticed severe problems with loading attachments, users reported they are no longer able to open attachments.
It seems like no single DAOS object can be opened anymore by the server.
Domino servers are reporting: Error 0x80070780: The file cannot be acessed by the system.
Checking the DAOS repository on the Domino server's disk revealed those files are displaying with a file size of XX MByte but actually have a size of ZERO BYTES (!!!)
Potential cause? Maybe a broken hard disc or filesystem? People even assumed Domino itself would be responsible for destroying DAOS objects on disk.
To mitigate the issue, a full restore of all DAOS objects was initaited which took a couple of hours. Afterwards it seemed the situation was resolved.
However just one day later the same problem appeared. All DAOS objects again had a size of 0 byte again with millions of DAOS objects being affected.
Root cause:
It turned out the backup software ( Commvault ) was misconfigured - instead of taking a backup of DAOS objects it was configured for >archiving< them.
Archiving in this case means that files will be moved to the backup environment but a 0 byte place holder will remain.
One could claim the user interface of Commvault backup easily allows for clicking the wrong option as both of them are listed next to each other.
There is no visible difference between the configuration screens later on, so unfortunately it was a human error/mistake to click on the wrong option.
Solution:
Initiate a restore job of files that were archived to the commvault envioronment.
https://documentation.commvault.com/v11/essential/134649_restoring_archived_data.html
Lessons learned:
Dont blame the top level application for a failure just because it is most impacted.
Open a support ticket at HCL and work together as a team to investigate and resolve the issue.
Tagged with: Administration Domino