What does this mean? Malware / spam bot? Whats's the best way to search for malware? To prevent it? root@server:~# sudo lsof -i | grep smtp php-cgi 23036 ispconfig 8u IPv4 424774220 0t0 TCP web01.server.nl:38491->col0-mc1-f.col0.hotmail.com:smtp (SYN_SENT)
Please post the complete lsof output for the process ID 23036. The line you posted can just be a client notification or something similar. sudo lsof -i | grep 23036 you can scan your server with maldetect and clamav.