ClamScan Results
Log file
Does this mean the server is infected? If so, can you recommend what to do? Any scanning software to fix these infections? Thank you.
root@vps [~]# tail -40 /var/log/clamav/manual_clamscan.log
/tmp/clamav-dc813233206fc5ff6640622964d82b69.tmp/clamav-e1162d12bb0b6584d11bb97fda0df2a1.tmp: Zip.Suspect.WinDoubleExtension-zippwd-2 FOUND
/tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
/tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
/tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
/tmp/clamav-50c3ad2caee519457b08ba480c3a4c24.tmp/zip.000: Win.Trojan.Androm-107 FOUND
/tmp/clamav-50c3ad2caee519457b08ba480c3a4c24.tmp/zip.000: Win.Trojan.Androm-107 FOUND
/tmp/clamav-50c3ad2caee519457b08ba480c3a4c24.tmp/zip.000: Win.Trojan.Androm-107 FOUND
/var/spool/exim/input/P/1XYdsP-0008QO-HG-D: Zip.Suspect.ExecutablePhoto-zippwd-2 FOUND
/var/spool/exim/input/P/1XYdsP-0008QO-HG-D: Zip.Suspect.ExecutablePhoto-zippwd-2 FOUND
/var/spool/exim/input/P/1XYdsP-0008QO-HG-D: Zip.Suspect.ExecutablePhoto-zippwd-2 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 3587271
Engine version: 0.98.4
Scanned directories: 28943
Scanned files: 2161274
Infected files: 7026
Data scanned: 34417.35 MB
Data read: 40430.18 MB (ratio 0.85:1)
Time: 57893.915 sec (964 m 53 s)
----------- SCAN SUMMARY -----------
Known viruses: 3587271
Engine version: 0.98.4
Scanned directories: 28943
Scanned files: 2161274
Infected files: 7026
Data scanned: 34399.52 MB
Data read: 40430.18 MB (ratio 0.85:1)
Time: 61495.124 sec (1024 m 55 s)
----------- SCAN SUMMARY -----------
Known viruses: 3587271
Engine version: 0.98.4
Scanned directories: 28943
Scanned files: 2161246
Infected files: 7026
Data scanned: 34422.34 MB
Data read: 40430.07 MB (ratio 0.85:1)
Time: 65095.500 sec (1084 m 55 s)
Hello :) I suggest reviewing the full /var/log/clamav/manual_clamscan.log file to determine if any files outside of your mail queue and /tmp directory are infected. Thank you.
In general, things found in mail directories are benign (unless your end users like downloading shady attachments. Regardless, not really a risk to your server). Stuff in /tmp/ usually warrants investigation, but in this case, it seems like ClamAV was scanning its own temporary files. It can probably be safely ignored. In general you want to scan /home*/*/public_html/ recursively, i.e. clamscan -ir /home*/*/public_html/
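Added example, not part of either reply: a small script that does the log review both replies describe, grouping the FOUND lines by location and collapsing repeated lines so that only hits outside ClamAV's own temp directories and the Exim queue are listed for review. The bucket names, the function names and the two "constructed" sample paths with their signature name are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# "<path>: <signature> FOUND", the line format in the excerpt above.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Buckets follow the two replies; first match wins, so order matters.
BUCKETS = [
    ("clamav-temp", re.compile(r"^/tmp/clamav-[0-9a-f]+\.tmp/")),  # scanner's own unpack dirs
    ("mail-queue", re.compile(r"^/var/spool/exim/")),              # queued mail
    ("tmp-other", re.compile(r"^/tmp/")),                          # anything else in /tmp
]

def triage(lines):
    """Return {bucket: Counter({(path, signature): log_line_count})}."""
    result = defaultdict(Counter)
    for line in lines:
        m = FOUND_RE.match(line.strip())
        if not m:
            continue  # summary lines, blanks, scanner errors
        path = m.group("path")
        bucket = next((n for n, rx in BUCKETS if rx.match(path)), "elsewhere")
        result[bucket][(path, m.group("sig"))] += 1
    return result

def needs_attention(result):
    """Unique paths outside ClamAV's temp dirs and the Exim queue."""
    keep = ("tmp-other", "elsewhere")
    return sorted({path for b in keep for path, _sig in result.get(b, {})})

# Constructed sample: the first four lines are copied from the excerpt above,
# the two "constructed" paths and their signature name are hypothetical.
SAMPLE = """\
/tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
/tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
/tmp/clamav-50c3ad2caee519457b08ba480c3a4c24.tmp/zip.000: Win.Trojan.Androm-107 FOUND
/var/spool/exim/input/P/1XYdsP-0008QO-HG-D: Zip.Suspect.ExecutablePhoto-zippwd-2 FOUND
/tmp/upload_constructed.php: Constructed.Example.Signature-0 FOUND
/home/exampleuser/public_html/constructed.php: Constructed.Example.Signature-0 FOUND
Infected files: 7026
"""

if __name__ == "__main__":
    # On the server, pass open("/var/log/clamav/manual_clamscan.log") instead.
    res = triage(SAMPLE.splitlines())
    for bucket, hits in sorted(res.items()):
        print(f"{bucket}: {len(hits)} unique, {sum(hits.values())} log lines")
    for path in needs_attention(res):
        print("REVIEW", path)
```

The unique count per bucket is the number to compare against "Infected files" in the summary, since the same path appears on several log lines in the excerpt.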