infected files in virtfs

jlewis504

cPanel Access Level
Root Administrator
A recent security scan showed that I have infected files in the virtfs folder. As I understand it, simply removing the files is not an option, as any files that are mounted to the file will also be removed and will create an even bigger issue. My server provider recommends a complete rebuild of the OS. This is not something I want to do. I have used ClamAV for the security scan, and below is a copy of some of the results. How do I determine if this could be a false positive, and what options do I have other than rebuilding the OS for removal?

home/virtfs/savanaux/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
 

cPanelMichael

Administrator
Staff member
Hello,

Does the scan show the same result for the /usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff file outside of the virtfs path?

You can also review the following documents for instructions on how to remove a user's jailed shell environment:

VirtFS - Jailed Shell - Documentation - cPanel Documentation

Thank you.
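
The comparison asked for in the reply above, as an added example that is not part of the original thread or of cPanel's tooling: it maps each ClamAV hit under `/home/virtfs/<user>/` to the host path it mirrors and reports whether both names resolve to the same device and inode, in which case there is one file to assess on the host rather than a second copy. It assumes VirtFS exposes host directories through bind mounts; the function names, status labels and the optional `root` prefix (used only to try the logic on a scratch tree) are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: triage ClamAV "FOUND" lines that point into cPanel's VirtFS tree.

# Map a VirtFS path to the host path it mirrors:
#   [/]home/virtfs/<user>/usr/local/... -> /usr/local/...
virtfs_real_path() {
    local p="/${1#/}"                      # normalise to one leading slash
    case "$p" in
        /home/virtfs/*/*) p="${p#/home/virtfs/}"; printf '/%s\n' "${p#*/}" ;;
        *) return 1 ;;                     # not under VirtFS
    esac
}

# Read clamscan output on stdin and print one status line per hit.
# $1 (optional, assumption): prefix prepended to every path, for scratch-tree tests.
triage() {
    local root="${1:-}" line hit sig real
    while IFS= read -r line; do
        case "$line" in *" FOUND") ;; *) continue ;; esac
        line="${line% FOUND}"
        hit="${line%: *}"; hit="/${hit#/}"  # path part of "path: Signature"
        sig="${line##*: }"                  # signature name
        if ! real="$(virtfs_real_path "$hit")"; then
            echo "NOT_VIRTFS $sig $hit"
        elif [ ! -e "$root$real" ]; then
            echo "NO_HOST_COPY $sig $real"    # exists only inside the jail: inspect it there
        elif [ "$root$hit" -ef "$root$real" ]; then
            echo "SAME_FILE $sig $real"       # same device+inode: rescan and verify the host file
        else
            echo "DIFFERENT_FILE $sig $real"  # jail copy differs from host: treat as a separate finding
        fi
    done
}

# Stand-alone use: pass a saved clamscan report as the first argument.
if [ "$#" -gt 0 ]; then
    triage < "$1"
fi
```

For a `SAME_FILE` result, rescanning the host path with `clamscan` and comparing the file against the copy shipped by the vendor are the next checks for a false positive.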