-----Original Message-----
From: Christopher Sawtell [mailto:[EMAIL PROTECTED]
Sent: 19 September 2007 12:39 p.m.
To: [email protected]
Subject: Re: Virus Software Advice

http://www.f-prot.com/
http://www.sourcefire.com/products/clamav/

I suggest buying a subscription so you receive timely updates of the virus signatures. Also run the server behind an IPCop or similar with snort running.

http://www.ipcop.org/
http://www.pfsense.org/
http://www.snort.org/

But, imho, the most important is to close the crack(s) in the code which generates the page(s).

It's infecting a single php script on a single site (so far from what we've found). The script's for a contact page and when infected it throws all the original php script into plain text (i.e. you can see it on the screen), then when you view the code for the script there are two links to different pages.

At the moment we are re-building the website from a back-up and giving the guy a new password in case someone has his ftp details. The permissions for the page are standard, i.e. 644, so that shouldn't be causing issues. It's either on our server somewhere and is overwriting the page when we change it, or someone has his ftp and has set a cron job to overwrite.

The php is a standard script which we use for other contact pages throughout the server, so if there is an issue with the script my guess is that it would be infecting other sites.

Any other ideas what could be causing this to overwrite our changes?
