Sorry, I don't follow.
Can you clarify, the server you stated above that was reported as performing malicious activity...
Mon May 27 00:11:18 2013 TCP 178.32.***.*** 80 => 126.96.36.199 1234
That is one of your OVH ones? Are you saying you don't think you have a web server running on it? In which case I'd suggest you check that server as there is some process kicking out traffic from tcp port 80 which is what that network report is submitted for.
Also, when you say netscan - is it your own machines you are portscanning or other people's?