Re: [clamav-users] Installing question

[MOHAMED OMAR MAKRAM via clamav-users]

G.W.,
Sorry for adding to your daily problems. I didn't know this isn't the place
to get the help I need, and I don't have issues in my sites as long as I am
still paying for the high-priced firewall and virus scan.
I am not impatient. I couldn't find a solution nor a place to find an
answer yet. I am here attempting to find that solution or to find the place
where I can search for it. There is no good support that I know on
drupal.org
,
nor for Drupal period. I can post a question and wait months before someone
could see it.

Do you project your life's problems on others all the time? You could've
just said that this isn't the place to get help for that issue or you can
just say where can I find the help I need (besides google it). I am not
here disrespecting others. I am looking for help. If it isn't the place for
it, I will gladly leave but some people did give me some helpful feedback.



On Thu, Mar 28, 2019 at 10:04 AM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello,
>
> On Thu, 28 Mar 2019,  MOHAMED OMAR MAKRAM wrote:
>
> > I've had this for few months. The only thing i was able to do is to
> > pay for virus protection but it is so expensive.  Is there a way to
> > find those hidden files? Do you think they are in the db or in the
> > files?  I am moving out to another server right now. Is there a good
> > process to do this without copying the virus along with the files?
>
> Firstly, you have already been told that this is not the right mailing
> list for your questions.  Many such lists and similar resources exist.
> Search for them.
>
> Secondly, even if you were to install ClamAV, with your current level
> of skill you would not be able to use it to solve your problems.  In
> my view, ClamAV is not now and never will be capable of solving them
> because that is not why it was developed.  As far as I can tell its
> main attraction for you is that it is free, and that people on this
> mailing list support it for free.  It would be far better for you to
> find out what your problem is before you try to implement a solution.
> If you must pay for it, then you need to do a cost-benefit analysis.
>
> Thirdly, if you are making Websites available on the public Internet
> and those Websites are not properly secured, and indeed have already
> been compromised, then you represent a danger, not only to the people
> who visit those sites, but also to *any* Internet-connected equipment.
> That is both irresponsible and reprehensible.  The fact that you have
> ignored advice that your questions are inappropriate for this mailing
> list probably tells us how much you have thought about that, or care.
>
> My advice is to stop what you are doing until either you can find
> someone competent to do it safely for you, or you become sufficiently
> competent to do it safely yourself.
>
> There is no quick HOWTO for the impatient.  Please do not willfully
> add to the problems that the rest of us have to face daily.
>
> --
>
> 73,
> Ged.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> 
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
>
> http://www.clamav.net/contact.html#ml
> 
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Installing question

[MOHAMED OMAR MAKRAM via clamav-users]

Thank you, Terry,
Can you help me narrow down how to learn or follow your advice of checking
the site permissions and extensions/modules? I am using Drupal 7.
Do you know of a step-by-step guide to doing that for a newbie like myself?







On Wed, Mar 27, 2019 at 1:54 PM  wrote:

> If the malware files keep returning, you better check your site
> permissions and extensions/modules on the site. Moving it to a different
> hosting company won’t fix it.
>
> Terry
>
>
>
> *From:* clamav-users  *On Behalf
> Of *MOHAMED OMAR MAKRAM via clamav-users
> *Sent:* Wednesday, March 27, 2019 12:26 PM
> *To:* ClamAV users ML 
> *Cc:* MOHAMED OMAR MAKRAM 
> *Subject:* {Disarmed} Re: [clamav-users] Installing question
>
>
>
> Thank you, Scott, but that is not the site I am worried about, and I don't
> have a problem currently because I am paying for virus protection and a
> firewall at $21 per month for each site.
>
> I want to stop paying for a virus and a firewall for all my sites and move
> it out from GoDaddy and put it into Hostgator. I am done with GoDaddy.
> Right now you won't be able to see any issues because the virus-created
> files are quarantined. The minute I stop paying for the virus scan and
> firewall, even if I deleted those quarantined files, I will have them
> coming back again and again.
>
>
>
>
>
> My sites are:
>
> *MailScanner has detected a possible fraud attempt from "llink.to"
> claiming to be* https://www.twelvestepjournaling.com/
> <https://llink.to/?u=https:%2F%2Fwww.twelvestepjournaling.com%2F=465642cfc9f048e98cc85ab6a7990aa6>
>
>
> *MailScanner has detected a possible fraud attempt from "llink.to"
> claiming to be* https://www.intentionalbeings.com/
> <https://llink.to/?u=https:%2F%2Fwww.intentionalbeings.com%2F=465642cfc9f048e98cc85ab6a7990aa6>
>
>
> *MailScanner has detected a possible fraud attempt from "llink.to"
> claiming to be* https://www.cocreationsmanager.com/
> <https://llink.to/?u=https:%2F%2Fwww.cocreationsmanager.com%2F=465642cfc9f048e98cc85ab6a7990aa6>
>
>
>
>
> On Wed, Mar 27, 2019 at 10:58 AM SCOTT PACKARD via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> There's almost nothing going on on your web site http://tucson-az-cpa.com/.
> It should be an easy job to restore it from whatever offline source you
> have.
>
> If all you're worried about is "visitors to your site they get a message
> that the site is unsecured", I think getting https:// going is what
> you're after.
>
> Maybe go and read https://letsencrypt.org/ .
>
>
>
> Regards, Scott
>
>
>
> *From:* clamav-users  *On Behalf
> Of *MOHAMED OMAR MAKRAM via clamav-users
> *Sent:* Wednesday, March 27, 2019 10:32 AM
> *To:* ClamAV users ML 
> *Cc:* MOHAMED OMAR MAKRAM ; J.R. <
> themadbea...@gmail.com>
> *Subject:* [External] Re: [clamav-users] Installing question
>
>
>
> I've had this for few months. The only thing i was able to do is to pay
> for virus protection but it is so expensive.
>
> Is there a way to find those hidden files? Do you think they are in the
> db or in the files?
>
> I am moving out to another server right now. Is there a good process to do
> this without copying the virus along with the files?
>
>
>
> Thanks for your help
>
> [image: Image removed by sender.]
>
>
>
> On Wed, Mar 27, 2019 at 10:13 AM J.R. via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> > I do not know if the virus is on the server, in the files, or in the db.
> > Here is what I know:
> > Under each folder of each site, files appear with a name such as:
> > f68z319m.php
> > When visitors go to my websites, they get a message that the site is
> > unsecured
> >
> > Does this information help identify the issue, or where to look for the
> > virus?
>
> Did you look at the contents of those files? Sounds like someone is
> exploiting code to upload files which could then be used to do all
> sorts of nasty things. That could be an issue with drupal or packages
> on your system being out of date. Often that is just the first step
> and once they upload one file they use it to upload a lot more in
> hidden directories and modifying files and such...
>
> I hope you have a recent backup...
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
>
> --
>
> *Mohame

Re: [clamav-users] Installing question

[MOHAMED OMAR MAKRAM via clamav-users]

Thank you, Scott, but that is not the site I am worried about, and I don't
have a problem currently because I am paying for virus protection and a
firewall at $21 per month for each site.
I want to stop paying for a virus and a firewall for all my sites and move
it out from GoDaddy and put it into Hostgator. I am done with GoDaddy.
Right now you won't be able to see any issues because the virus-created
files are quarantined. The minute I stop paying for the virus scan and
firewall, even if I deleted those quarantined files, I will have them
coming back again and again.


My sites are:
https://www.twelvestepjournaling.com/
<https://llink.to/?u=https:%2F%2Fwww.twelvestepjournaling.com%2F=465642cfc9f048e98cc85ab6a7990aa6>

https://www.intentionalbeings.com/
<https://llink.to/?u=https:%2F%2Fwww.intentionalbeings.com%2F=465642cfc9f048e98cc85ab6a7990aa6>

https://www.cocreationsmanager.com/
<https://llink.to/?u=https:%2F%2Fwww.cocreationsmanager.com%2F=465642cfc9f048e98cc85ab6a7990aa6>


On Wed, Mar 27, 2019 at 10:58 AM SCOTT PACKARD via clamav-users <
clamav-users@lists.clamav.net> wrote:

> There's almost nothing going on on your web site http://tucson-az-cpa.com/.
> It should be an easy job to restore it from whatever offline source you
> have.
>
> If all you're worried about is "visitors to your site they get a message
> that the site is unsecured", I think getting https:// going is what
> you're after.
>
> Maybe go and read https://letsencrypt.org/ .
>
>
>
> Regards, Scott
>
>
>
> *From:* clamav-users  *On Behalf
> Of *MOHAMED OMAR MAKRAM via clamav-users
> *Sent:* Wednesday, March 27, 2019 10:32 AM
> *To:* ClamAV users ML 
> *Cc:* MOHAMED OMAR MAKRAM ; J.R. <
> themadbea...@gmail.com>
> *Subject:* [External] Re: [clamav-users] Installing question
>
>
>
> I've had this for few months. The only thing i was able to do is to pay
> for virus protection but it is so expensive.
>
> Is there a way to find those hidden files? Do you think they are in the
> db or in the files?
>
> I am moving out to another server right now. Is there a good process to do
> this without copying the virus along with the files?
>
>
>
> Thanks for your help
>
> [image: Image removed by sender.]
>
>
>
> On Wed, Mar 27, 2019 at 10:13 AM J.R. via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> > I do not know if the virus is on the server, in the files, or in the db.
> > Here is what I know:
> > Under each folder of each site, files appear with a name such as:
> > f68z319m.php
> > When visitors go to my websites, they get a message that the site is
> > unsecured
> >
> > Does this information help identify the issue, or where to look for the
> > virus?
>
> Did you look at the contents of those files? Sounds like someone is
> exploiting code to upload files which could then be used to do all
> sorts of nasty things. That could be an issue with drupal or packages
> on your system being out of date. Often that is just the first step
> and once they upload one file they use it to upload a lot more in
> hidden directories and modifying files and such...
>
> I hope you have a recent backup...
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
>
> --
>
> *Mohamed Omar Makram, CPA*
>
> *Osiris CPA, PLLC <http://tucson-az-cpa.com/>*
>
> *Tele: (520) 906-1863*
>
> *Fax: (520) 448-0706*
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


-- 
*Mohamed Omar Makram, CPA*
*Osiris CPA, PLLC <http://tucson-az-cpa.com/>Tele: (520) 906-1863*
*Fax: (520) 448-0706*

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Installing question

[MOHAMED OMAR MAKRAM via clamav-users]

I do not know if the virus is on the server, in the files, or in the db.
Here is what I know:
Under each folder of each site, files appear with a name such as:
f68z319m.php
When visitors go to my websites, they get a message that the site is
unsecured

Does this information help identify the issue, or where to look for the
virus?

Thank you. I am really desperate for help.

On Wed, Mar 27, 2019 at 8:47 AM Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net> wrote:

> I agree with What J.R. said regarding "bigger issues". ClamAV and other
> anti-malware tools may help you detect malware before it runs on your
> machine, but it is not sufficient to get rid of it if your system has
> already been compromised.  It  would be safest to rescue your data offline
> and reinstalling your operating system from scratch.  Hopefully you have
> backups you can revert to, if a fresh reinstall isn't an option for you.
> This is personal advice, and I take no responsibility for any data loss you
> may incur.  This mailing list is also not the best avenue for incident
> response advice.
>
> For those wishing to use ClamAV, we do have step by step instructions to
> install ClamAV for a handful of operating systems using the materials we
> publish:
>
> Windows - http://www.clamav.net/documents/installing-clamav-on-windows
> 
> Debian & Ubuntu -
> https://www.clamav.net/documents/installation-on-debian-and-ubuntu-linux-distributions
> 
> Redhat & CentOS -
> https://www.clamav.net/documents/installation-on-redhat-and-centos-linux-distributions
> 
> macOS - https://www.clamav.net/documents/installation-on-macos-mac-os-x
> 
>
> Regards,
> Micah
>
> On 3/27/19, 9:37 AM, "clamav-users on behalf of J.R. via clamav-users" <
> clamav-users-boun...@lists.clamav.net
> 
> on behalf of clamav-users@lists.clamav.net
> >
> wrote:
>
> > I am new here and I don't know how to use drush or command line. Can
> I
> > still install clamav? Is there an installation guide for absolute
> beginners
> > like me?
>
> What OS? Windows there is an exe that has a GUI. Linux distro's
> typically have their own packages which you would install through your
> OS's package manager.
>
> There's lots of guides out there, just have to google...
>
> > I have a virus on my server and I have no idea where to begin to get
> rid of
> > it. I have four sites, all are personal sites and all are drupal.
>
> If drupal got exploited, you are going to have bigger issues and
> probably more than what ClamAV will find.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> 
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
>
> http://www.clamav.net/contact.html#ml
> 
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> 
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
>
> http://www.clamav.net/contact.html#ml
> 
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:

[clamav-users] Installing question

[MOHAMED OMAR MAKRAM via clamav-users]

hi there,
I am new here and I don't know how to use drush or command line. Can I
still install clamav? Is there an installation guide for absolute beginners
like me?

I have a virus on my server and I have no idea where to begin to get rid of
it. I have four sites, all are personal sites and all are drupal.

Please guide me in the right direction.
Thank You
Yogiart

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml