Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 23rd August 2009, 15:34
CarbonCopy CarbonCopy is offline
Member
 
Join Date: Apr 2009
Posts: 52
Thanks: 1
Thanked 1 Time in 1 Post
Default How to get ClamAV to automatically scan

My server was recently compromised by a c99 shell. How can I make ClamAV automatically scan each day (Just my /www folder), as well as scan all php and ftp uploads. I use proftpd and CentOS 5.3.

I now believe my server was comprimised. I tested the C99 and some other scripts he's uploaded, and he found a kernel exploit (Reporting it to linux dev team). Anyway, he broke out of the openbase_dir restrictions, and got root priveledges. I believe i fixed the security hole, and disabled his account (and site). Do you think I should wipe my server?

Last edited by CarbonCopy; 23rd August 2009 at 16:22.
Reply With Quote
Sponsored Links
  #2  
Old 24th August 2009, 12:28
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
 
Default

Quote:
Originally Posted by CarbonCopy View Post
Do you think I should wipe my server?
Yes, I'd definitely do that.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
clamav - how to exlude filetype from scan? klonos HOWTO-Related Questions 3 16th June 2008 14:16
Weird issue with clamav and ISPConfig 2.2.23 Norman General 1 25th April 2008 10:12
ClamAV Milter Issues - Virtual Hosting Howto With Virtualmin On CentOS 5.1 pheniks HOWTO-Related Questions 14 26th March 2008 11:04
debian etch courier pop3 issue docean Installation/Configuration 6 20th March 2008 15:38
Clamav starting error scherpenzeel Installation/Configuration 3 19th May 2006 14:01


All times are GMT +2. The time now is 01:45.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.