How to find files which are compromised
Hi,
I have a shared server. I checked the mail queue, and one domain is involved in sending spam emails, but I could not find where the emails are being sent from. I have run a Claim scan as well but did not find anything. Can you tell me which shell script I should run through SSH to find which files are involved in the spam emails?
Determine which directory most of the spam is coming from:

awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
Use the following command to find the most used mailing script's location from the Exim mail log:

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
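The two one-liners above combined into a single pass, as an added example that is not part of the original replies: it counts cwd= lines per directory, skips /var/spool, and also reports the first and last time each directory handed mail to Exim, which narrows the window to check in the web access logs. The function name summarize_cwd, the sample accounts and the sample log lines are constructed for illustration; the log layout is assumed to be the usual "date time cwd=<dir> ..." form.

```sh
#!/bin/sh
# Added example (not from the thread): per-directory summary of Exim "cwd=" lines.

# summarize_cwd [LOGFILE|-] [TOP_N]
# Output columns (tab-separated): count, first seen, last seen, directory.
summarize_cwd() {
  log=${1:--}
  top=${2:-10}
  awk '
    {
      dir = ""
      # cwd= is usually field 3, but extra fields (timezone, [pid]) can shift it.
      for (i = 3; i <= NF; i++)
        if ($i ~ /^cwd=/) { dir = substr($i, 5); break }
      # Skip lines without cwd= and queue-runner noise under /var/spool.
      if (dir == "" || dir ~ /^\/var\/spool/) next
      ts = $1 " " $2
      if (!(dir in count)) first[dir] = ts
      count[dir]++
      last[dir] = ts
    }
    END {
      for (d in count)
        printf "%d\t%s\t%s\t%s\n", count[d], first[d], last[d], d
    }
  ' "$log" | sort -t "$(printf '\t')" -k1,1nr -k4,4 | head -n "$top"
}

# Constructed sample log lines (hypothetical accounts, not real data).
sample_log() {
  cat <<'EOF'
2024-05-01 10:00:01 cwd=/home/exampleuser/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2024-05-01 10:00:05 cwd=/home/exampleuser/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:03:10 cwd=/home/otheruser/public_html 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:04:00 [4321] cwd=/home/exampleuser/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:04:30 1sABCd-0001Xy-2Z <= sender@example.com U=exampleuser P=local S=1234
EOF
}

# Demo on the constructed sample; on a server pass /var/log/exim_mainlog instead.
sample_log | summarize_cwd - 5
```

A directory such as an uploads folder at the top of this list is where to look for recently added or modified scripts.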
Thanks. I have done it through maldet.
Hello :) I'm happy to see you were able to address the issue. Thank you for updating us with the outcome.