I installed ClamAv - unfortunatly the version of ubuntu server I have running is not the latest, and the clamav in the repository is not the most up to date. I tried to install from source, but got plenty of errors compile errors.
Here is a clamav (old version) log: //var/www/rcsu/tikiwiki/dump/s.php: PHP.Defash.B FOUND //var/www/rcsu/tikiwiki/styles/style.php: PHP.ShellExec FOUND //var/www/rcsu/tikiwiki/files/lndex.php: PHP.ShellExec FOUND //var/www/rcsu/tikiwiki/backups/r.php: PHP.Shell FOUND I shut off samba, but I have a feeling it is more of a tikiwiki exploit upload thing. I am going to just delete the files, update tikiwiki, update ubuntu server and make sure that clamav is the latest. ----- Original Message ----- From: "Bjorn Behrendt" <[EMAIL PROTECTED]> To: [email protected] Sent: Friday, July 18, 2008 1:38:48 PM GMT -05:00 US/Canada Eastern Subject: virus found on web server Please help, I don't know how to clean a virus from a linux webserver. My webserver keeps flooding our network untill everything crashes, and when I did a manual backup the other day my antivirus poped up with an infection, see attached. Bjorn Behrendt Proctor School District [EMAIL PROTECTED]
