How to remove malware found by ISPProtect

Discussion in 'ISPConfig 3 Priority Support' started by Christophe69, May 14, 2020.

  1. Christophe69

    Christophe69 Member HowtoForge Supporter

    Hi there,
    I did a scan with ISPProtect following a customer alert concerning his emails.
    ISPProtect found 107 pieces of malware :eek:.
    ClamAV found 7 infected files?
    My question now is, how can I remove this malware from the server?

    Do I need to just delete the files one by one?

    EDIT: Testing my IP address on https://www.abuseat.org gives me
    Have you any idea how to remove this malware?
     
    Last edited: May 14, 2020
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The recommended way is that you take a look into the files to see if it's a legit file which contains malware; in this case, remove the malware part or replace it with a clean file from backup. If the file is pure malware, then you can delete it.

    The other option would be to make a backup of the site and use the quarantine function from ISPProtect to remove files that are seen as malware. See https://ispprotect.com/documentation/

    Code:
            --quarantine            Move infected files to quarantine directory.
            --quarantine=YYYYMMDDHHMMSS     Move infected files from a finished run to quarantine directory.
            --all                   Also move possibly malicious files to quarantine directory (higher risk of false positives being moved).
            --restore               Restore all quarantined files of a scan.
            --whitelist             File will be added to the local whitelist.
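
The triage described in the reply above (repair or restore a legitimate file that contains malware, delete a file that is pure malware), sketched as an added example that is not part of the original posts and is not ISPProtect code: it compares each flagged path with a clean backup tree. The function names, directory layout and sample files are assumptions constructed for the illustration.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def triage(flagged, site_root: Path, backup_root: Path):
    """Return {relative_path: (verdict, added_lines)} for each flagged file."""
    report = {}
    for rel in flagged:
        live, clean = site_root / rel, backup_root / rel
        if not clean.exists():
            # No counterpart in the backup: the file appeared after the backup
            # was taken. Read it, then delete or quarantine it if it is pure malware.
            report[rel] = ("not-in-backup", [])
        elif sha256(live) == sha256(clean):
            # Same bytes as the backup: false positive, or the backup is infected too.
            report[rel] = ("same-as-backup", [])
        else:
            # Legitimate file that changed: list the lines added since the backup.
            diff = list(difflib.unified_diff(
                clean.read_text(errors="replace").splitlines(),
                live.read_text(errors="replace").splitlines(),
                lineterm="", n=0))[2:]  # drop the two "---"/"+++" header lines
            added = [line[1:] for line in diff if line.startswith("+")]
            report[rel] = ("modified", added)
    return report


def demo():
    # Constructed sample tree; file names and contents are made up.
    with tempfile.TemporaryDirectory() as tmp:
        site, backup = Path(tmp, "web"), Path(tmp, "backup")
        site.mkdir()
        backup.mkdir()
        (backup / "index.php").write_text("<?php\necho 'home';\n")
        (site / "index.php").write_text("<?php\ninclude 'x7.php'; // injected line\necho 'home';\n")
        (site / "x7.php").write_text("<?php /* placeholder for a dropped file */\n")
        (backup / "lib.php").write_text("<?php // library\n")
        (site / "lib.php").write_text("<?php // library\n")
        return triage(["index.php", "x7.php", "lib.php"], site, backup)


if __name__ == "__main__":
    for rel, (verdict, added) in demo().items():
        print(f"{rel}: {verdict}", *added, sep="\n    ")
```

A "modified" verdict lists the lines to inspect before restoring the file from backup; "same-as-backup" means the backup itself needs checking before it is trusted as clean.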
     
  3. Christophe69

    Christophe69 Member HowtoForge Supporter

    Thanks, I think I have found the malicious code and it may not be too difficult to remove it.
     