How to get ClamAV to automatically scan
My server was recently compromised by a c99 shell. How can I make ClamAV automatically scan each day (Just my /www folder), as well as scan all php and ftp uploads. I use proftpd and CentOS 5.3.
I now believe my server was comprimised. I tested the C99 and some other scripts he's uploaded, and he found a kernel exploit (Reporting it to linux dev team). Anyway, he broke out of the openbase_dir restrictions, and got root priveledges. I believe i fixed the security hole, and disabled his account (and site). Do you think I should wipe my server?
Last edited by CarbonCopy; 23rd August 2009 at 17:22.