Server :: Locating Infected Files In Logs?
Oct 29, 2010
I ran a scan (clamscan -r --remove /home/) on my users' home directory yesterday & since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last night's scan:
Code:
----------- SCAN SUMMARY -----------
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2
[Code]....
Jun 8, 2011
I'm new here and still searching how this forum works, but can anybody tell me where I can find the temporary internet files? In Windows it was easy, but Ubuntu 11.04 is totally different. I have used it for 5 days now and I'm happy I changed to Ubuntu.
Nov 10, 2010
I Clam-scanned a bunch of old CDs.. Clam found 9 infected notes infected with: "Worm.Allaple-319"... I wonder if this was my problem with Ubuntu always failing..? These are some of my best notes.. Is it possible to clean the bugs out of them with Fedora..?
Mar 29, 2011
I have seen that we can scan for viruses and also virus-infected files with ClamAV, but is there any possibility that ClamAV can repair virus-infected files?
May 18, 2011
I have an Iomega appliance, which is based on a Debian distribution. There is an NFS share that I have created which is without a password. Since it is without a password, there are some viruses copied. I want to find out which IP address is the source of these files. In other words, I want to know which PC is copying these infected files to the NFS share.
Sep 2, 2010
My Windows XP Pro laptop has been attacked! Windows will no longer update and Microsoft Security Essentials will not update either. I've been trying to resolve the issue for over two weeks with Microsoft support, but it's just taking too long. I also tried some rescue CD options (all running some form of Linux, obviously):
- BitDefender Rescue CD (removed infections, now detects nothing),
- Kaspersky Rescue CD 10 (removed infections, now detects nothing),
- Trinity Rescue CD (won't load AV Engine, so can't use it to do anything).
Malwarebytes cleaned a bunch of stuff, but will not clean the final threat detected (it's supposed to get deleted on reboot, but never does). Hijack.FolderOptions is stuck in the accursed registry, and it keeps causing Windows Explorer to crash. I cannot rename files or work with them or everything just crashes.
So I'm ready to reinstall XP from scratch, and add a dual boot with Xubuntu & LXDE, which I'm already running on a much older laptop.
Question: I want to rescue the files I need. My idea was:
1) Install Xubuntu with dual boot.
2) Copy over files from Windows XP partition using Xubuntu.
3) Back up files to an external drive using Xubuntu.
4) Reinstall XP Pro and format hard drive.
5) Reinstall Xubuntu with dual boot.
6) Use Xubuntu for daily use.
7) Only use XP for those tasks that require it (TomTom updates ...)
Should I be concerned about the security risk from copying files from the Windows partition to the Xubuntu partition, and from there onto an external hard drive?
Is this the way to do it, or is there a better way? I just want my laptop back in working order. Right now I can't use it for anything.
Jul 31, 2010
I am facing a security issue on my server. I can see many processes like pscan2, scanssh and ./sshf running in 'top'. The owner of these processes is a non-root account. Can anybody let me know what can be the extent of loss due to these suspicious scripts? How can I permanently remove these scripts from my server? Please note that I am using CentOS 5.5 (64-bit).
Jul 23, 2011
"locate" is locating files that no longer exist (I have recently deleted). How can I 'flush' locate's cache?
Jul 27, 2010
I have set up a Postfix mail server and it seems to be working OK; we are only using this to relay mail to our forum users. It's not being used to receive any email, only send them out to the internet.
What is the difference between the mail.log and mail.info files? Can I turn one or both off? I see a lot of messages like...
Just wondering what this string of log entries means? Also, I am getting duplicates in the syslog file as well.
Oct 12, 2010
I have to administer a few mail servers, a mail log server, 4 nameservers and a web server, all running on CentOS 5 server distributions. Now I have a task: to avoid accidental crashes on the production servers while installing updates, my boss asked me to make clones (these clones will all be VMware virtual machines) of the servers (EXCLUDING the actual e-mails and mail log contents) and then to run those clones on VMware Server. This way, I will first install and test updates on the clones and, if they run without crashes, I will apply the updates on the real production servers themselves. I have already installed VMware Server 2.0. I have a few questions:
- How do I build the virtual machines to exclude the actual mail files and mail logs? Can I use VMware Converter for this purpose, or do I have to use another program?
- How do I actually do this cloning? Is there a tutorial on how to do this?
Jul 21, 2009
I would like to monitor a RedHat box via SNMP. I would like to make data available via SNMP. The data that I would like to graph are only present in log files. Is it possible to parse data from application logs and have them available for my Cacti server via SNMP? I already monitor CPU, memory, and others with Cacti using the standard MIB. What would be the logical steps I would need to achieve that?
Sep 3, 2010
I am trying to grep a particular string from the files of 2 different servers without copying and calculate the total count of its occurrences in both files. The file structure is the same on both servers and for reference is as follows:
Code:
27-Aug-2010 10:04:30,601|919122874903|phtunes_app|1282243292627|NotifySmsReception|DMGenerateLogInterceptor - ExternalTransactionID:SDP-DM-26713018, TransactionStatus:Requested
27-Aug-2010
[code]....
Oct 24, 2010
I have RHEL4 running on an IBM X3550 server. When we contact IBM support regarding issues with this server, they will request IBM DSA logs. The logs are quite extensive and cover almost all server config & can identify hardware issues with drivers, etc. I want to know if there is a way to analyze those logs offline without sending them to IBM support?
Mar 2, 2011
Some time ago I did something on my laptop in Ubuntu 10.4 which enabled the Ctrl key to create concentric rings around the cursor so I could find it. I still have that, and it's very useful. But I discovered that it also created very pretty ripples in my wallpaper, as if a stone had been thrown into a pond, and that additional effect has suddenly gone away. I can't remember where this keybinding was set up, and I have searched in vain in CompizConfig for it.
Aug 8, 2010
Using Fedora, when I try "ftp" I get command not found. I have tried "which ftp" and get "no ftp in" then the bin dirs. I have tried "locate ftp" but also can't see it. I see lftp, but never heard of it before; is this new and has it replaced ftp?
Code:
locate ftp
/etc/lftp.conf
/etc/selinux/targeted/modules/active/modules/ftp.pp
/etc/selinux/targeted/modules/active/modules/tftp.pp
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/ipv4/netfilter/nf_nat_ftp.ko
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/ipv4/netfilter/nf_nat_tftp.ko
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/netfilter/nf_conntrack_ftp.ko
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/netfilter/nf_conntrack_tftp.ko
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/netfilter/ipvs/ip_vs_ftp.ko
/lib/security/pam_ftp.so .....
Jun 10, 2011
How to get the Q2 patching logs of a particular server (Linux 2.6.9-100.EL)?
Jan 11, 2010
How to find logs on an HP-UX server showing why it shut down unexpectedly: is it a hardware failure, or has it been hard booted?
Aug 25, 2010
I was wondering how I could specify for how long the logs will be kept. Rsyslog doesn't have such an option (at least I didn't find it). Do I have to use logrotate for this, or is there some other option?
Oct 5, 2010
How to check mail logs for previous days? What is the command to check the log for yesterday in sendmail 8.14 on Fedora? I know /var/log/maillog; this gives output for today, but what about yesterday?
Mar 9, 2011
I am looking for security-specific event IDs on Linux. There are thousands of event IDs in Microsoft Windows/XP and Vista etc. In a similar way, I am looking for Linux, Unix, Solaris, AIX etc. event IDs. I would like to correlate and implement with ArcSight.
Apr 19, 2011
We are forwarding logs (logs from an executed Perl script) to one Red Hat Linux box. We have to get 97 logs each time the script runs. But we see an inconsistent number of logs coming to the Linux box. Like one time we got 56, another time 3, another time 43, and so on. We are sure that 97 logs are being forwarded. We checked the Rsyslog.config file for any filters and couldn't see any filter dropping them. When we run tcpdump, we can see 97 connections, but the logs are not there in the specified location.
Oct 20, 2010
How to set up logs in vsftpd? I have the default configuration in CentOS but it's not logging.
Jan 27, 2011
I am in the process of installing a VMware Tools pkg and am being asked for the path to the C headers for the kernel. I've browsed every folder, found lots of 'C' header files and tried these paths, but none are being taken by the script. Which path do I need to provide for 'the C headers' for my kernel? Running Piapix, Deb5. The OS is running perfectly so I doubt there is an error other than that I am not 'wise' enough to locate these little buggers!
Feb 28, 2011
I'm trying to run a "Garry's Mod" game server on my dedicated server. I'm using a very helpful tutorial on the Gmod wiki (I cannot post a link to it as I don't have 15 posts or more).
Now I have very, very little experience with Linux (I am running Debian on it). However, I've gotten quite far in the tutorial, and everything looks to be perfect. I am using PuTTY to access my server, but I also have FTP on it.
Basically, when I need to access a certain folder called "orangebox" (using cd orangebox), an error comes up saying this: -bash: cd: orangebox: No such file or directory.
However, I know that there is such a folder, as I can see it fine on FTP.
Jun 19, 2010
I want to unpack tar.gz package. Where should I locate the package I want to unpack?
May 14, 2011
I need to locate a file in my system having to do with backing up the hard drive. I have the file name, but where do I place it to find the appropriate file?
Oct 31, 2010
Since ports 80 and 443 are the only ports I have open, how is it that an IP address can hit my server yet not appear in ANY logs?
Dec 26, 2010
I am installing RHEL 5.5 to be a syslog server to collect logs from servers (HP-UX, Linux, Windows and Cisco network devices), and I can now collect logs from my Windows PC on the syslog Linux server by using Datagram SyslogAgent software. can collect logs from HP-UX 11.23 server. And I am configuring the Unix server as in the steps below:
1. Log in as root
2. Go to /etc/syslog.conf
3. Add a line: *.*<tab>@<Sentinel Server IP Address>
*.* @10.15.1.5
4. Save and Close
# netstat -na | grep 514
tcp 0 0 *.514 *.* LISTEN
udp 0 0 *.514 *.*
[code]....
Feb 24, 2011
I am monitoring access log messages in a Squid proxy server. Is it possible to get the date, time and day in the access logs?
Jan 17, 2011
I configured a syslog server on Ubuntu; now I want to export the logs of Windows and Ubuntu desktops to the syslog server.