
ClamScan Results

Discussion in 'Security' started by GiviN.G, Sep 30, 2014.

  1. GiviN.G

    GiviN.G Member

    Log file

    Code:
    root@vps [~]# tail -40 /var/log/clamav/manual_clamscan.log
    /tmp/clamav-dc813233206fc5ff6640622964d82b69.tmp/clamav-e1162d12bb0b6584d11bb97fda0df2a1.tmp: Zip.Suspect.WinDoubleExtension-zippwd-2 FOUND
    /tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
    /tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
    /tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
    /tmp/clamav-50c3ad2caee519457b08ba480c3a4c24.tmp/zip.000: Win.Trojan.Androm-107 FOUND
    /tmp/clamav-50c3ad2caee519457b08ba480c3a4c24.tmp/zip.000: Win.Trojan.Androm-107 FOUND
    /tmp/clamav-50c3ad2caee519457b08ba480c3a4c24.tmp/zip.000: Win.Trojan.Androm-107 FOUND
    /var/spool/exim/input/P/1XYdsP-0008QO-HG-D: Zip.Suspect.ExecutablePhoto-zippwd-2 FOUND
    /var/spool/exim/input/P/1XYdsP-0008QO-HG-D: Zip.Suspect.ExecutablePhoto-zippwd-2 FOUND
    /var/spool/exim/input/P/1XYdsP-0008QO-HG-D: Zip.Suspect.ExecutablePhoto-zippwd-2 FOUND
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 3587271
    Engine version: 0.98.4
    Scanned directories: 28943
    Scanned files: 2161274
    Infected files: 7026
    Data scanned: 34417.35 MB
    Data read: 40430.18 MB (ratio 0.85:1)
    Time: 57893.915 sec (964 m 53 s)
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 3587271
    Engine version: 0.98.4
    Scanned directories: 28943
    Scanned files: 2161274
    Infected files: 7026
    Data scanned: 34399.52 MB
    Data read: 40430.18 MB (ratio 0.85:1)
    Time: 61495.124 sec (1024 m 55 s)
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 3587271
    Engine version: 0.98.4
    Scanned directories: 28943
    Scanned files: 2161246
    Infected files: 7026
    Data scanned: 34422.34 MB
    Data read: 40430.07 MB (ratio 0.85:1)
    Time: 65095.500 sec (1084 m 55 s)
    

    Does this mean the server is infected? If so, can you recommend what to do? Any scanning software to fix these infections?

    Thank you.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    I suggest reviewing the full /var/log/clamav/manual_clamscan.log file to determine if any files outside of your mail queue and /tmp directory are infected.

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    In general, things found in mail directories are benign (unless your end users like downloading shady attachments. Regardless, not really a risk to your server).

    Stuff in /tmp/ usually warrants investigation, but in this case, it seems like ClamAV was scanning its own temporary files. It can probably be safely ignored.

    In general you want to scan /home*/*/public_html/ recursively, i.e.

    Code:
    clamscan -ir /home*/*/public_html/
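
The log review suggested in the replies above, as an added example (not code from any poster in this thread): POSIX shell functions that de-duplicate the `FOUND` lines of a clamscan log and bucket them by location, so hits outside `/tmp` and the mail queue stand out. The function names, bucket labels, and the `/home/exampleuser/...` line with its signature name are constructed for illustration.

```shell
#!/bin/sh
# Added example: bucket unique clamscan FOUND lines by where the file lives.
# Bucket labels are this example's own:
#   clamav-tmp  ClamAV's own unpack directories (/tmp/clamav-<hex>.tmp/)
#   mail-queue  Exim spool (/var/spool/exim/)
#   tmp         anything else under /tmp/
#   review      everything else, e.g. /home*/*/public_html/

# stdin: clamscan log. stdout: bucket<TAB>signature<TAB>path, one per unique hit.
classify_hits() {
    grep ' FOUND$' | sort -u | awk '
    {
        sub(/ FOUND$/, "")
        # The signature follows the last ": "; a path may contain ": " too.
        if (!match($0, /: [^ ]+$/)) next
        path = substr($0, 1, RSTART - 1)
        sig  = substr($0, RSTART + 2)
        if      (path ~ /^\/tmp\/clamav-[0-9a-f]+\.tmp\//) bucket = "clamav-tmp"
        else if (path ~ /^\/var\/spool\/exim\//)           bucket = "mail-queue"
        else if (path ~ /^\/tmp\//)                        bucket = "tmp"
        else                                               bucket = "review"
        printf "%s\t%s\t%s\n", bucket, sig, path
    }'
}

# "bucket count" per line, counting each path/signature pair once.
summarize_hits() {
    classify_hits | cut -f1 | sort | uniq -c | awk '{ print $2, $1 }'
}

# Only the hits outside /tmp and the mail queue, as "path: signature".
hits_to_review() {
    classify_hits | awk -F '\t' '$1 == "review" { print $3 ": " $2 }'
}

# Constructed sample: lines from the log above plus one made-up public_html hit.
sample_log() {
    cat <<'EOF'
/tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
/tmp/clamav-325d38ebb462f7f770342e75810be276.tmp/clamav-b3432a3c7ed484721df5097c7389737e.tmp: Win.Trojan.Androm-107 FOUND
/tmp/clamav-50c3ad2caee519457b08ba480c3a4c24.tmp/zip.000: Win.Trojan.Androm-107 FOUND
/var/spool/exim/input/P/1XYdsP-0008QO-HG-D: Zip.Suspect.ExecutablePhoto-zippwd-2 FOUND
/var/spool/exim/input/P/1XYdsP-0008QO-HG-D: Zip.Suspect.ExecutablePhoto-zippwd-2 FOUND
/home/exampleuser/public_html/img/cache: old.php: Example.Constructed-Signature-1 FOUND
----------- SCAN SUMMARY -----------
EOF
}
# On a server: summarize_hits < /var/log/clamav/manual_clamscan.log
sample_log | summarize_hits
```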
    
     