How to get ClamAV to automatically scan

Discussion in 'Server Operation' started by CarbonCopy, Aug 23, 2009.

  1. CarbonCopy

    CarbonCopy New Member

    My server was recently compromised by a c99 shell. How can I make ClamAV automatically scan each day (Just my /www folder), as well as scan all php and ftp uploads. I use proftpd and CentOS 5.3.

    I now believe my server was comprimised. I tested the C99 and some other scripts he's uploaded, and he found a kernel exploit (Reporting it to linux dev team). Anyway, he broke out of the openbase_dir restrictions, and got root priveledges. I believe i fixed the security hole, and disabled his account (and site). Do you think I should wipe my server?
    Last edited: Aug 23, 2009
  2. falko

    falko Super Moderator ISPConfig Developer

    Yes, I'd definitely do that.

Share This Page