Hi there, I did a scan with ISPProtect following a customer alert concerning his emails. ISPProtect found 107 malwares . ClamAV found 7 infected files? My question now is, how can i remove thoses malwares from the server? Do I need to just delete the files one by one? EDIT: Testing my IP address on https://www.abuseat.org give me Have you any idea how to remove those malwares?
The recommended way is that you take a look into the files to see if its a legit file which contains malware, in this case, remove the malware part or replace it with a clean file from backup. If the file is pure malware, then you can delete it. The other option would be to make a backup of the site and use the quarantine function from ispprotect to remove files that are seen as malware. See https://ispprotect.com/documentation/ Code: --quarantine Move infected files to quarantine directory. --quarantine=YYYYMMDDHHMMSS Move infected files from a finished run to quarantine directory. --all Also move possibly malicious files to quarantine directory (higher risk of false positives being moved). --restore Restore all quarantined files of a scan. --whitelist File will be added to the local whitelist.
